Laptop stolen from Packard Hospital

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.paloaltoonline.com/news/show_story.php?id=29950

A laptop computer that might have contained limited medical
information on pediatric patients has been stolen from a secure area
of Lucile Packard Children's Hospital, officials announced today.

The laptop was discovered missing from a secured,
badge-access-controlled area of the hospital on May 8 and was reported
by an employee. The hospital immediately launched an investigation
with Stanford Department of Public Safety and hospital security,
officials said in a statement. The laptop has not been found.

The computer is thought to contain operating-room schedules during a
three-year period beginning in 2009. Hospital officials are not
certain which operating schedules were on the computer, but 12,900
potentially affected patients are being notified by mail out of
caution, they said.

The information would include patient name, age, medical record
number, telephone number, scheduled surgical procedure, and the names
of physicians involved in the surgery, officials said.

There is no evidence that any pediatric patient data has been accessed
or otherwise compromised, they added. Financial or credit card
information, Social Security numbers, insurance numbers or any other
marketable information were not on the computer.

The laptop was outdated and damaged, and was on a schedule to have its
data removed by information technologists, officials said.

The hospital is taking the breach very seriously, they added.

"Lucile Packard Children's Hospital strives to be an industry leader
in the area of medical information security. As a result of this
incident, we are taking additional steps to further strengthen our
policies and controls surrounding the protection of patient data to
reduce the chance that an incident of this type will happen again,"
officials said.

The hospital is offering a year of identity-theft protection at no
cost to potentially-affected families who wish to have it and is
establishing a call center to answer questions from families. The
toll-free number is 855-683-1168, and is open Monday through Saturday
from 6 a.m. to 6 p.m. Pacific Standard Time.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.