Officials at the University of California, San Francisco medical school are in the process of notifying 4,310 patients that some of their personal information may have been exposed after a laptop was stolen from an employee in late November.

The information included patients' names, medical record numbers, ages, and clinical information, according to a UCSF statement.

"A review conducted by UCSF Enterprise Information Security determined that the files contained limited data for some UCSF patients relating to their treatment at UCSF Medical Center in 2008 and 2009," according to the statement. "It also was determined that the employee had uploaded some files from a prior employer, Beth Israel Deaconess Medical Center in Boston, and these files contained some BIDMC patient data."

Officials said the UCSF police department began an investigation Dec. 1, and the laptop was recovered in Southern California on Jan. 8.

"Although there is no indication that unauthorized access to the files or the laptop actually took place, UCSF and BIDMC began sending out notifications to patients in January 2010," the statement continued.

California is one of 45 states required to notify people when their personal information has been compromised.

Colleges and universities have been hit by a rash of data breaches in the past year, exposing sensitive data including Social Security numbers, phone numbers and addresses of students, faculty and other university employees.

Lost or stolen devices and hacking attacks in the past year have targeted a variety of schools including the University of North Carolina, the University of California, Berkeley, Montana State University, the University of Michigan, Penn State and the University of Alabama.

UCSF officials have set up a toll-free number (1-877-809-1270 ext. 74005) to provide more information about the breach.

Larry Barrett is a senior editor at, the news service of, the network for technology professionals.