The laptop, which was not encrypted, held patient names, dates of birth, responsible party names, addresses, physician names and unspecified billing information. It was stolen from an employee’s home on August 25. Notification letters went out on October 18.
The hospital is not automatically offering paid credit and identity protection services to affected patients, according to a spokesperson. The hospital is offering contact information for such services and recommending patients seek the services on their own, but will discuss payment options on an individual basis if a patient wants the hospital to pay.
The hospital also has taken steps to improve the security of all computing devices, but the spokesperson was not authorized to specify the improvements and if encryption is among them.