Hospital Notifies Six Years Worth of Patients After Breach

A stolen, unencrypted laptop computer has caused 25-bed Gibson General Hospital in Princeton, Ind., to notify all 29,000 patients treated during the past six years of a breach of their protected health information.


A stolen, unencrypted laptop computer has caused 25-bed Gibson General Hospital in Princeton, Ind., to notify all 29,000 patients treated during the past six years of a breach of their protected health information.

The password-protected laptop was among the items stolen during a burglary of an employee’s home on Nov. 27, 2012, according to the hospital. Some employees are permitted to bring home laptops; the employee required 24-hour access to the electronic health records system, according to the hospital.

The laptop has not been found and the hospital cannot determine which patients had information on it, so it is notifying all patients since January 2007 when the EHR was implemented. But the clinical records contain names, addresses, Social Security numbers and treatment details, among other information. There is no indication the data has been accessed, according to a notice to patients.

Gibson General Hospital is offering affected patients one year of free credit monitoring and identity theft protection services. Gibson General is the only hospital in Gibson County with a population of about 33,500.

More for you

Loading data for hdm_tax_topic #reducing-cost...