A personal laptop of a former contractor for Howard University Hospital in Washington, D.C., was stolen and contained protected health information on 34,503 patients.
Social Security numbers were among the information “for a number of those patients,” the hospital says. Other information included names, addresses, identification numbers, medical record numbers, birthdates, admission dates, discharge dates and diagnoses information–primarily codes but some written descriptions.
The hospital is offering, through TrustedID, one year of paid credit monitoring and identity theft alert services to patients with SSNs on the laptop. The hospital has declined to divulge how many such patients were affected.
The contractor stopped working at the hospital in December 2011, but had downloaded patient information in violation of hospital policies, according to a statement from Howard University Hospital. The contractor notified police of the theft of the password-protected laptop from a private vehicle on Jan. 25, and notified the hospital by e-mail on Jan. 27.
The hospital has implemented policies to encrypt all laptops issued to Howard University Health Sciences personnel, and has strengthened contractor policies to make clear that data and laptop encryption are required. The hospital also has reported the breach to the HHS Office for Civil Rights, which will add it to the public listing of major breaches of protected health information, which now lists 409 incidents since September 2009. Referenced from Heathdatamanagement