Laptop Theft Affects 14,380 Patients – Security Breach Medical Records with Stolen Computer
Posted Apr 17 2009 11:50pm
Finally someone taking an approach on what can be downloaded to notebooks. Virtual Private networks should take the place of patient data on a local computer. Even the Department of Defense has a virus loaded from a flash drive that got into the entire system. In the times we live in, there should be no flash drives allowing downloading. These devices have some use though in allowing a menu for shortcuts for someone to easily access information, but as far as allowing any document storage, no.
In this case, password protected, but no encryption. The facility will now face the bill of providing credit information protection for the patients, which is another related cost. You can read here about the Department of Defense and their experience with flash drives. BD
Greensboro, N.C.-based Moses Cone Health System recently notified 14,380 patients that some of their identifiable information was on a laptop stolen in Canton, Ga., on March 9. The delivery system is offering the patients one year of free credit monitoring services and insurance protection from CSIdentity, Austin, Texas.
The laptop was stolen along with other items from the car of an employee of VHA Clinical Specialty Services, previously known as Goodroe Healthcare Solutions, a consulting division of provider alliance VHA Inc., Irving, Texas.
Identifiable information on the laptop included patient names, addresses, date-of-birth and about 6,000 Social Security numbers. Because the laptop was among several items stolen and "the data was in a format the average criminal could not access," Moses Cone officials do not believe any of the data was exposed, Matthews says. "We don't have any indication this data was used and hope patients use the credit monitoring service. We are very sorry that this happened."
Since the theft, VHA Clinical Specialty Services has changed its procedures for capturing information from hospitals, according to the VHA spokesperson. It has identified other laptops with hospital information and removed the data. Now, hospitals transmit data via the virtual private network directly into a server accessible only by authorized VHA users.