Ellen Nakashima and Rick Weiss write in the Washington Post:
A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years’ worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans. The information was not encrypted, in violation of the government’s data-security policy.
NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until last Thursday — almost a month later. They said they hesitated because of concerns that they would provoke undue alarm.
[…]
Elizabeth G. Nabel, director of the National Heart, Lung and Blood Institute (NHLBI), said in a statement issued late Friday that “when volunteers enroll in a clinical study, they place great trust in the researchers and study staff, expecting them to act both responsibly and ethically.” She said that “we deeply regret that this incident may cause those who have participated in one of our studies to feel that we have violated that trust.”
NIH officials said the laptop was taken Feb. 23 from the locked trunk of a car driven by an NHLBI laboratory chief named Andrew Arai, who had taken his daughter to a swim meet in Montgomery County.
Full story – Washington Post