Officials at Thomas Jefferson University Hospital in Philadelphia are beginning the long and shameful process of notifying 21,000-plus patients that a laptop containing their Social Security numbers, insurance information and other data was stolen from an office.
As eSecurity Planet reports, this latest preventable data breach serves as just the latest reminder that health-care organizations continue to be targeted by garden-variety crooks and identity thieves alike.
Earlier this week, the Identity Theft Resource Center issued a report that found hospitals and physicians’ offices were responsible for a disproportionate number of major data breaches reported in the first half of this year.
In April, a pair of incidents strikingly similar to the Thomas Jefferson University Hospital breach impacted patients in Massachusetts and California. In both cases, a laptop containing unencrypted patient information was stolen from either an employee’s car or office.
Thomas Jefferson University Hospital in Philadelphia this week became the latest hospital forced to notify thousands of patients that some of their most sensitive financial and medical information was compromised following a laptop theft.
Hospital officials said the names, birth dates, social security numbers, insurance information and other internal and administrative coding data, for approximately 21,000 patients was exposed after a laptop was stolen from an office in the hospital. The theft covers those who received inpatient care at the hospital between March and November of 2008.
On June 14, an employee reported a personal laptop he was using to store the data was stolen. While the laptop was password protected, the data itself was not encrypted. The hospital then hired Kroll, a risk consulting company, to conduct an internal investigation as it began the process of notifying those patients potentially affected by the breach.