Stolen laptop puts information on 206,000 patients at risk

While cyber attacks, mounted remotely over the Internet, continue to be a core focus for healthcare information security, a newly disclosed breach shows that a simple theft of an unencrypted laptop can still cause big problems.

Premier Healthcare, a multi-specialty group practice in Bloomington, Ind., on January 4 discovered that a laptop holding protected health information on nearly 206,000 individuals had been stolen. The laptop was taken from an administrative office that was protected by an alarm; while it was protected by a password, its information was not encrypted.

Compromised data included names, addresses, dates of birth, medical record numbers, insurance information and some clinical information across screenshots, spreadsheets and PDF documents within the laptop, which was used to support billing functions. Social Security numbers or financial information for 1,769 individuals also were on the laptop.

Also See: The need for a culture of security compliance

In its announcement, Premier Healthcare did not indicate whether protective services are being offered to patients; the organization did not respond to queries from <I>Health Data Management</I> on protection services, the degree to which any computers were encrypted, and other aspects of the breach.

Now, Premier Healthcare is encrypting all computers and reviewing processes and protocols to better prevent theft in the future, a news release said.

For reprint and licensing requests for this article, click here.