DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach

Posted on April 20, 2010 by Dissent

On February 19, 2010, a laptop belonging to a physician affiliated with the Massachusetts Eye and Ear Infirmary was stolen while the physician was lecturing in South Korea. The laptop belonged to Dr. Robert Levine, a neurologist with a particular focus on ringing in the ears, or tinnitus.

To date, Mass. Eye and Ear has determined that data owned by Mass. Eye and Ear on Dr. Levine’s laptop contained demographic and health information of approximately 3,526 patients treated by Dr. Levine at Mass. Eye and Ear between February 3, 1988 and February 16, 2010, and of a small number of participants in research conducted by Dr. Levine at Mass. Eye and Ear who were not also Dr. Levine’s patients, as follows:

  • 67 participants in somatic tinnitus modulation research, and
  • One participant in pulsatile tinnitus research.

Dr. Levine reported the theft to police in South Korea. In addition, as required by law, Mass. Eye and Ear is reporting the loss of its patient and research participant information to the individuals affected, and to the appropriate state and federal authorities.

The following types of information about affected individuals associated with Mass. Eye and Ear may have been present on Dr. Levine’s laptop:

  • Name,
  • Address,
  • Telephone numbers,
  • E-mail,
  • Date of birth and age,
  • Sex,
  • Medical record numbers,
  • Dates of service,
  • Medical information, including diagnoses, symptoms, test results, and prescriptions,
  • Name and contact information for patient pharmacies, and
  • Research participant status.

In addition, four individuals’ information also included their pharmacy insurance account number.

To the best of Mass. Eye and Ear’s knowledge, Social Security numbers, financial account numbers and credit card or debit card numbers of individual associated with Mass. Eye and Ear were not present on the laptop.

Mass. Eye and Ear is sending letters to affected individuals at their last known address. The hospital has posted a notice on its website in the event that the contact information for affected individuals is out of date and to provide notice to individuals for whom Mass. Eye and Ear has no contact information.

Individuals who fit into one of the categories above, and who do not receive a letter directly from Mass. Eye and Ear, may contact the Mass. Eye and Ear Breach Response Center at 877-313-1395 to determine if they are affected.

Mass. Eye and Ear has no indication that the information on the stolen computer has actually been accessed or inappropriately used. The computer was password protected and contained a tracking device commonly referred to as “LoJack.” The tracking device contacted LoJack on March 9 when the stolen computer was connected to the internet in South Korea. LoJack was able to monitor the computer’s configuration and on-line use, and determined that:

  • A new operating system was installed on the computer following the theft, and
  • Software needed to access most of the information about affected Mass. Eye and Ear individuals had not been reinstalled.

On April 9 it was determined that it was unlikely that continued monitoring of the computer would lead to its retrieval, and a command was sent by LoJack to the computer permanently disabling the hard drive and rendering any information, including information about affected Mass. Eye and Ear individuals contained on the hard drive, permanently unreadable.

Despite the result of the tracking and destruction noted above, Mass. Eye and Ear is unable to know whether the information about affected Mass. Eye and Ear individuals on the computer was accessed between the date of the theft and March 9.

Should information have been inappropriately accessed, Mass. Eye and Ear does not believe that the information on the laptop regarding the affected Mass. Eye and Ear individuals presents a risk of financial identity theft. It is possible, however, that someone may be able to learn about affected Mass. Eye and Ear individuals’ medical care from the stolen data, and affected individuals may have a risk that someone may attempt to use that information to impersonate them in order to obtain medical care or medications in their name.

In order to protect affected Mass. Eye and Ear individuals, Mass. Eye and Ear is providing information on precautions that they can take to protect themselves against medical identity theft, and has arranged to provide them with one free year of credit monitoring, identity theft insurance and restoration services.

In order to prevent similar breaches from occurring in the future, Mass. Eye and Ear is updating its information security program, including, but not limited to, taking the following specific actions:

  • Deploying encryption to laptop computers that connect to Mass. Eye and Ear’s computer network, and
  • Providing education to Mass. Eye and Ear staff regarding limiting the amount of data stored on laptop computers.

Mass. Eye and Ear continues its investigation into the information on the stolen computer to determine whether there could be information about additional individuals associated with Mass. Eye and Ear that has not yet been detected. Should additional information be discovered, Mass. Eye and Ear will provide additional notices as appropriate.

“Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause,” said John Fernandez, Mass. Eye and Ear president and CEO. “We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future.”

Source: Mass. Eye and Ear

Category: Health Data

Post navigation

← Cyberattack on Google Said to Hit Password System
Affinity Health Plan notifies over 409,000 of breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.