Personal information for thousands of patients both at Hartford (Conn.) Hospital and VNA HealthCare, which provides home healthcare for Hartford HealthCare patients, is in jeopardy following the theft of an unencrypted laptop computer, the hospital announced this week. The computer was stolen on June 26 from the house of an employee working for a data analysis vendor helping the hospital as part of a quality improvement project.
Information for 7,461 VNA HealthCare patients and 2,097 Hartford Hospital patients--including names, addresses, birth dates, Social Security numbers and medical diagnoses--was on the stolen device. Hartford HealthCare said it will offer two years of free credit monitoring to all patients impacted by the theft, and added that it ordered the vendor to securely destroy any remaining data in its possession from the two facilities.
The theft adds to the growing number of hospitals reporting stolen laptops in recent months. Just last week, Chicago-based Northwestern Memorial Hospital announced that six laptop and tablet computers with personal health information for an undisclosed number of patients were stolen June 11 from its home hospice offices. The devices, according to Northwestern, were receiving software upgrades at the time, meaning the information--which included names, addresses, birth dates, Social Security numbers and medical treatment data--was accessible. Northwestern did not reveal how many patients were affected by the theft, but said it, too, was offering credit monitoring for those individuals.
Meanwhile, on July 23, Boston-based Beth Israel Deaconess Medical Center announced that protected health information for 3,900 patients was put at risk following the theft of a physician's personal laptop computer on May 22. While Social Security numbers and financial information were not among the stolen information, medical information summaries were included. A suspect was arrested in connection with the case, but the laptop remains missing.
BIDMC CIO John Halamka, in a blog post following the announcement, outlined the organization's plan to address mobile device security.