Local patients notified of stolen laptop containing patient information

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.14news.com/story/20441631/gibson-general-hospital-notifying-patients-of-stolen-laptop-containing-patient-information

PRINCETON, IN (WFIE) -

Gibson General Hospital has mailed letters to patients informing them
of the theft of a hospital laptop containing personal health
information.

The laptop was reported stolen, along with several other items, from
an employee's home during a burglary on Nov. 27.

The hospital says it took immediate steps to investigate and attempt
to recover the laptop and to prevent further access to its information
system via the laptop, which had security features in place, including
password protection.

The laptop has not yet been recovered, but Gibson General Hospital
administration continues to work closely with local law enforcement in
their investigation.

"There is no evidence to believe that the data on the laptop was the
target of the theft or that any information has been or will be
accessed for fraudulent purposes," said Emmett Schuster, Gibson
General Hospital president & CEO. "As a precautionary measure and part
of Gibson General Hospital's commitment to protecting patient privacy,
we are notifying all patients potentially impacted by the incident."

The laptop was used by a hospital employee whose job requires 24/7
access to the hospital's electronic medical records system.

Information accessed on that laptop may have automatically been saved
to the laptop by the software utilized to perform those job duties.
Without the laptop, the hospital is unable to determine with certainty
whose information is affected.

On December 26 letters were mailed  to approximately 29,000 patients
who received care at Gibson General Hospital since January 2007. The
information may have included a patient's name, address, social
security number and/or clinical information.

"Protecting our patients' personal information is a priority at Gibson
General Hospital, and we deeply regret that this occurred," added
Schuster. "Since implementing electronic medical records in 2007, we
have taken steps to prevent incidents such as this, and we will
continue to review our policies and procedures to implement additional
safeguards of patient privacy and PHI."

Gibson General Hospital has set up a toll-free information line to
assist patients who receive a letter and have questions regarding this
issue. Anyone with questions regarding this incident may contact the
information line at (866) 221-0155 between the hours of 9 a.m. to 7
p.m., Monday through Friday.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.