In what is becoming an uncomfortably familiar scenario, Emory University officials sent out a mass mailing to cancer patients warning them that a laptop containing their personal health information had been stolen. The laptop was stolen from an office of Electronic Registry Systems (ERS), a business contractor in Ohio, which serves Emory Hospital, Emory Crawford Long Hospital and Grady Memorial Hospital. Records lost included names, social security numbers, patient addresses, medical data and treatment information.
ERS provides cancer registry data processing services to hospitals and health systems around the country. The ERS theft also spirited away data on patients treated by Pennsylvania's Geisinger Health System, which lost data on 25,000 patients, as well as patient data from Nashville, TN-based Williamson Medical Center and two other unidentified Ohio hospitals. ERS, for its part, says that the data is double password-protected, making it unlikely that common criminals will be able to hack into the database.
Officials with the hospitals affected say that there's no evidence identity theft was the motive for the theft. Still, as has been the case with several other data loss incidents, Emory officials are advising patients to put a fraud alert on their credit reports to prevent identity theft. (Oddly enough, given the trend with other hospital data thefts, officials didn't offer to pay for such monitoring.) Unfortunately, medical identity theft is an issue that ought to concern these consumers, so even if Emory et al won't pay, they're probably smart to pay for the monitoring.
For more about Emory's data problems:
- read this article in the Atlanta Journal-Constitution