The information of nearly 4,000 patients at Boston’s Beth Israel Deaconess Medical Center (BIDMC) may have been leaked, according to a report from the Boston Globe over the weekend. A laptop that could yield the incomplete medical records of 3,900 patients was stolen from the Harvard-associated teaching hospital on May 22.
“The laptop contained files that included short summaries of medical information used for administrative purposes within BIDMC,” reads one part of a press release issued by the hospital on Monday.
The hospital normally encrypts information on its employees’ laptops by default, yet according to Beth Israel Deaconess’ Chief Information Officer Dr. John Halamka, the computer, which was stolen from a physician’s office, was a personal laptop being used for office work.
After it discovered the theft, BIDMC notified law enforcement, and a suspect was arrested soon after. The computer, which contains an inactive tracking device, has yet to be recovered, however.
In response to the incident, the hospital has decided to implement a new “mandatory encryption” program. Under the program, all personal devices will be encrypted. The project is expected to take three months, as BIDMC employs around 6,000 workers who own an estimated 1,500 devices, according to the Globe piece.
In addition to law enforcement, Beth Israel contacted a national forensics firm to research the breach; the firm insists that no information was misused.
While the hospital isn’t specifying what kind of “medical information” may have been leaked, BIDMC is reporting that the laptop did not contain Social Security numbers, complete medical records or medication lists. Halamka added “nothing that would be used from an identity theft perspective” was on the laptop either.
Last year, the details of 2,021 BIDMC radiology patients, including patient names, hospital medical record numbers, dates of birth and procedure information, were leaked. That breach was ultimately blamed on a vendor who failed to restore security controls on a computer following maintenance.
As many companies that have recently been breached are wont to do, the hospital plans to send letters to those affected and has launched a toll-free telephone number for concerned patients who may have questions.
Much like the BIDMC incident, almost 30,000 patients at a University of Texas cancer center were alerted last month that their information might have been stolen in April. That leak also involved a stolen, unencrypted laptop, but in that case the data included patients’ Social Security numbers.