Medical Center Reports Stolen Laptop

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.lpch.org/aboutus/news/releases/2013/for-patients.html

For Release: January 21, 2013

STANFORD, Calif. -- Lucile Packard Children’s Hospital at Stanford and
the Stanford University School of Medicine are notifying patients by
mail that a password-protected laptop computer containing limited
medical information on pediatric patients was stolen from a
physician’s car away from campus on the night of January 9, 2013. This
incident was reported to Packard Children’s and the School of Medicine
on January 10. Immediately following discovery of the theft, Packard
Children’s and the School of Medicine launched an aggressive and
ongoing investigation with security and law enforcement, and began
contacting patients potentially affected.

The medical information on the stolen laptop was predominantly from
2009 and related to past care and research. The patient data did not
include financial or credit card information, nor did it contain
Social Security numbers or any other marketable information. It did
include names and dates of birth, basic medical descriptors, and
medical record numbers, which are used only by the hospital to
identify patients. In some cases, there was limited contact
information. There is no indication that any patient information has
been accessed or compromised.

Packard Children’s and the School of Medicine continue working
diligently with law enforcement to recover the laptop.

Individuals potentially affected are being offered the option of free
identity protection services, and a toll-free phone line has been
established for any questions families may have. The number is (855)
731-6016, and is available Monday through Friday from 6 a.m. to 6 p.m.
PST.

Lucile Packard Children’s Hospital and the School of Medicine strive
to be industry leaders in the area of medical information security. As
a result of this incident, we are taking additional steps to further
strengthen our policies and controls surrounding the protection of
patient data, including redoubling our efforts to ensure that all
computers and devices containing medical information are encrypted.

Information page for patients:
http://www.lpch.org/aboutus/news/for-patients.html

About Packard Children’s Hospital
Lucile Packard Children’s Hospital at Stanford is an internationally
recognized 311-bed hospital, research center and leading regional
medical network providing the full complement of services for the
health of children and expectant mothers. In partnership with the
Stanford University School of Medicine, our world-class doctors and
nurses deliver innovative, family-centered care in every pediatric and
obstetric specialty, tailored to every patient. Packard Children’s is
annually ranked as one of the nation’s best pediatric hospitals by
U.S. News & World Report and is the only Northern California
children’s hospital with specialty programs ranked in the U.S. News
Top 10. Learn more at www.lpch.org and about our continuing growth at
growing.lpch.org. Like us on Facebook, watch us on YouTube and follow
us on Twitter.

About Stanford University School of Medicine
The Stanford University School of Medicine consistently ranks among
the nation’s top medical schools, integrating research, medical
education, patient care and community service. For more news about the
school, please visit http://mednews.stanford.edu. The medical school
is part of Stanford Medicine, which includes Stanford Hospital &
Clinics and Lucile Packard Children’s Hospital. For information about
all three, please visit http://stanfordmedicine.org/about/news.html.
 Contact:

Robert Dicks (650-497-8364, rdicks () lpch org)
Michelle Brandt (650-723-0272, mbrandt () stanford edu)
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.