Personal information for more than four million patients was compromised due to the July theft of four computers from the Advocate Medical Group in Park Ridge, Ill., the Chicago Tribune reports.
The information includes names, addresses, Social Security numbers and birthdays but no medical records or personal financial information, according to Kelly Jo Golson, senior vice president and chief marketing officer at Dawes Grove, Ill.-based Advocate Health Care, the Chicago area's largest physician group, with 1,000 doctors and 200 locations. Her group began sending letters to affected patients on Friday, Aug. 24, offering a free year of credit monitoring.
Golson said the computers were password-protected but not encrypted, a problem that befalls health groups all too often.
"Nothing leads us to believe the computers were taken for the information they contain, and there is no information to suggest any of that data has been used in an inappropriate way," Golson said in the article. "We want our patients to know that security is a top priority, and we're focused right now on putting together resources to make sure we can help answer any questions."
Paul Stephens, director of policy and advocacy at the nonprofit Privacy Rights Clearinghouse, an advocate for consumers' privacy rights, called the incident "a very significant breach" in the article and noted that "password protection is worthless."
According to the Tribune, at least 10 data breaches have been reported in Illinois this year.
Stolen laptop incidents are becoming commonplace among healthcare organizations. For example, in June, Lucile Packard Children's Hospital, a 311-bed facility in Palo Alto, Calif., suffered its third data breach in four years--and its second in six months--potentially effecting 12,900 patients. A password-protected, non-functional laptop computer was stolen from a secure area of the hospital in May, according to an announcement on the hospital's website.
In January, information for 57,000 Lucile Packard patients was put at risk when a laptop, which contained mostly research and follow-up care information, was stolen from an off-campus physician's car; three years earlier, its first incident occurred.
To learn more:
- read the article in the Chicago Tribune
Info for 57,000 patients at risk after laptop stolen from Lucile Packard
Hospital appeals $250K data breach penalty
Thefts at Stanford, Oregon hospitals jeopardize patient info for nearly 17k