Joseph Goedert
JUN 29, 2012 12:13pm ET

Related Links

California Developing Guidance for Patient Consent of HIE
May 17, 2013
Quick Turnaround on Breach Notification
May 17, 2013
Hacker Gets Patient Credit Cards from North Carolina Providers
May 16, 2013
OCR Seminars to Walk through Omnibus HIPAA Rule
May 16, 2013
PHI Breach #3 for Indiana University
May 15, 2013
Breach Pattern: Thieves Seek X-rays for their Silver Content
May 14, 2013
Breach at The MED in Memphis Hits 1,200
May 13, 2013

Breach at MD Anderson Includes Social Security Numbers

Print
Reprints
Email

MD Anderson Cancer Center in Houston is notifying about 30,000 patients of a breach of protected health information that includes some Social Security numbers.

The hospital, through its official statement and a spokesperson, declines to specify how many SSNs were involved, but it appears to be a substantial number. “There was data for approximately 30,000 patients on the stolen laptop,” according to the spokesperson. “Most of the data was not financial in nature. About one-third of the records did include financial information such as Social Security numbers.”

The breach occurred on April 30 when a laptop was stolen from a physician’s home, according to the hospital. Other compromised information included names, medical record numbers, and treatment and/or research information. The hospital does not believe the laptop was stolen for its data, as other items also were taken from the house.

MD Anderson is offering credit monitoring services to patients with compromised Social Security numbers, and is accelerating an initiative to encrypt all computers.

Data Security
Consumer Health
EHR
Mobile Technology
Hardware
Stimulus
Hospitals
Policy & Regulation

Comments (4)
Now, all those 30,000 patients have to worry about the impact of that breach on their financial and personal lives. What healthcare industry needs is the ability to identify patients and assemble their medical information without reliance on SSNs, names and dates of birth. The technology that addresses that need is out there. Why don't hospitals implement it?
Posted by Irene S | Friday, June 29 2012 at 6:27PM ET
#1 Why is the physician talkng home the lap top that is the property of the hospital ? #2. Why doesn't he VPN in or use a web based portal? #3. Why is this information not encrypted? #4. Why is the hospital still using SSN? They can use last 4 digits. #5. Who in in charge of their PHI ?
Posted by Catherine S | Friday, June 29 2012 at 7:23PM ET
Add Your Comments:
You must be registered to post a comment.
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Most Read
Most Emailed

Slide Shows

Most Wasteful States for Prescription Meds
Twitter
Facebook
LinkedIn

Current Issue

Ready or Not, Here Come HIPAA Audits

As the feds ramp up enforcement of privacy and security rules, providers look to fill protection gaps.

Videos

Health I.T. Keeps NY Islanders On the Ice

Policy & Regulation

EHR

Health Info Exchange

Revenue Cycle & Payments

Chronic Care

Mobile Technology

Web Seminars

White Papers

Login  |  My Account  |  White Papers  |  Web Seminars  |  Events |  Newsletters |  eBooks
FOLLOW US
Already a subscriber? Log in here
Please note you must now log in with your email address and password.