Over a thousand patients' names, dates of birth, medical record numbers, diagnoses, and types and dates of surgery may have been exposed.
The Washington University School of Medicine in St. Louis recently announced that a physician's laptop was stolen at a conference in Argentina on November 28, 2012.
The laptop, which was password-protected but not encrypted, contained information on approximately 1,100 patients, including patients' names, dates of birth, medical record numbers, diagnoses, and types and dates of surgery. Social Security numbers were also included for 39 of the patients. The laptop has not been recovered.
"The university is providing identity protection services to patients whose information may have been stolen," writes The St. Louis Post-Dispatch's Blythe Bernard. "Employees will be re-trained on information security and encryption software will be added to computers. Anyone who thinks they were affected but has not received a letter from the university by Jan. 25 is asked to call 888-414-8020 during business hours and use the reference code 4692010712."
"Laptops and mobile devices are particularly vulnerable to patient data breaches," notes FierceHealthIT's Susan D. Hall. "A whopping 94 percent of the 80 participating healthcare organizations in a survey by The Ponemon Institute said they had experienced at least one data breach that they were aware of in the past two years. That report put the total cost of healthcare breaches at $6.78 billion annually."