BreachExchange mailing list archives
Local patients notified of stolen laptop containing patient information
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Fri, 28 Dec 2012 16:04:29 -0600
http://www.14news.com/story/20441631/gibson-general-hospital-notifying-patients-of-stolen-laptop-containing-patient-information PRINCETON, IN (WFIE) - Gibson General Hospital has mailed letters to patients informing them of the theft of a hospital laptop containing personal health information. The laptop was reported stolen, along with several other items, from an employee's home during a burglary on Nov. 27. The hospital says it took immediate steps to investigate and attempt to recover the laptop and to prevent further access to its information system via the laptop, which had security features in place, including password protection. The laptop has not yet been recovered, but Gibson General Hospital administration continues to work closely with local law enforcement in their investigation. "There is no evidence to believe that the data on the laptop was the target of the theft or that any information has been or will be accessed for fraudulent purposes," said Emmett Schuster, Gibson General Hospital president & CEO. "As a precautionary measure and part of Gibson General Hospital's commitment to protecting patient privacy, we are notifying all patients potentially impacted by the incident." The laptop was used by a hospital employee whose job requires 24/7 access to the hospital's electronic medical records system. Information accessed on that laptop may have automatically been saved to the laptop by the software utilized to perform those job duties. Without the laptop, the hospital is unable to determine with certainty whose information is affected. On December 26 letters were mailed to approximately 29,000 patients who received care at Gibson General Hospital since January 2007. The information may have included a patient's name, address, social security number and/or clinical information. "Protecting our patients' personal information is a priority at Gibson General Hospital, and we deeply regret that this occurred," added Schuster. "Since implementing electronic medical records in 2007, we have taken steps to prevent incidents such as this, and we will continue to review our policies and procedures to implement additional safeguards of patient privacy and PHI." Gibson General Hospital has set up a toll-free information line to assist patients who receive a letter and have questions regarding this issue. Anyone with questions regarding this incident may contact the information line at (866) 221-0155 between the hours of 9 a.m. to 7 p.m., Monday through Friday. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Local patients notified of stolen laptop containing patient information Erica Absetz (Dec 28)