The hospital, through its official statement and a spokesperson, declines to specify how many SSNs were involved, but it appears to be a substantial number. “There was data for approximately 30,000 patients on the stolen laptop,” according to the spokesperson. “Most of the data was not financial in nature. About one-third of the records did include financial information such as Social Security numbers.”
The breach occurred on April 30 when a laptop was stolen from a physician’s home, according to the hospital. Other compromised information included names, medical record numbers, and treatment and/or research information. The hospital does not believe the laptop was stolen for its data, as other items also were taken from the house.
MD Anderson is offering credit monitoring services to patients with compromised Social Security numbers, and is accelerating an initiative to encrypt all computers.