The personal information of more than 2,100 Boston Children's Hospital patients has been jeopardized after a hospital employee lost a laptop containing unencrypted health data while at a conference in Buenos Aires, the Boston Globe reported. The data included names, birth dates, diagnoses and treatment information but no financial data or Social Security numbers.
Although the laptop was password protected, it was not encrypted, the hospital said Tuesday in a statement. During the time of theft, the laptop held a file with the patient data, included as an email attachment but not saved on the desktop. Boston Children's staff could determine if the file was accessed.
"Boston Children's takes this incident and the protection of protected health and personal information extremely seriously," Vice President for Information Services and CIO Daniel J. Nigrin said in the statement. "We take great measures to ensure that protected health information is never inadvertently released, and we are undertaking additional steps to prevent breaches such as this in the future."
The hospital has notified affected patients and families of the breach. Hospitals also must inform the media when the incident involves more than 500 people in one state, noted the Globe.
The state is no stranger to healthcare data breaches. In fact, more than 200 healthcare data breaches have affected almost 980,000 people in Massachusetts over the past four years, according to a report last month from the state's Office of Consumer Affairs and Business Regulation.
To learn more:
- read the Globe article
- here's the statement
- check out the OCABR report (.pdf)