Establishing Digital Trust: Don't Sacrifice Security for Convenience
Vermont's North Country Hospital recently began notifying its patients that a former employee has refused to return a retired hospital laptop containing patient health information (h/t Becker's Hospital Review).
While the patient health information is password-protected, the individual is believed to have access to the appropriate passwords.
The hospital learned of the issue on September 18, 2013, and contacted the Newport Police Department on September 20, 2013, the Vermont Attorney General's Office on September 27, 2013, and the U.S. Department of Heath and Human Services on September 30, 2013.
It's not yet clear exactly what patient information is contained on the laptop.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"In the course of making demands of the Hospital, the former employee provided some limited information suggesting the contents of the laptop," the hospital explained in a statement. "Based on that information, we have been able to identify individuals who may have health information that was accessed by this individual. Those individuals are receiving individualized notices that address the nature of their personal information we believe may have been stored under password protection on the laptop."
The hospital doesn't believe that any of the information has been used inappropriately, or that any financial data or Social Security numbers are contained on the laptop.
"North Country Hospital has followed established policies and procedures to prevent this former employee from gaining access to further information," the notice states. "All administrator-level computer system user codes and passwords that he had access to were changed, and the compromised laptop will be 'locked-out' if there is an attempt to re-connect to the hospital information systems."
Patients with questions are advised to contact (802) 334-3253.