DataBreaches.Net


Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach

Posted on April 20, 2010 by Dissent

On February 19, 2010, a laptop belonging to a physician affiliated with the Massachusetts Eye and Ear Infirmary was stolen while the physician was lecturing in South Korea. The laptop belonged to Dr. Robert Levine, a neurologist with a particular focus on ringing in the ears, or tinnitus.

To date, Mass. Eye and Ear has determined that data owned by Mass. Eye and Ear on Dr. Levine’s laptop contained demographic and health information of approximately 3,526 patients treated by Dr. Levine at Mass. Eye and Ear between February 3, 1988 and February 16, 2010, and of a small number of participants in research conducted by Dr. Levine at Mass. Eye and Ear who were not also Dr. Levine’s patients, as follows:

  • 67 participants in somatic tinnitus modulation research, and
  • One participant in pulsatile tinnitus research.

Dr. Levine reported the theft to police in South Korea. In addition, as required by law, Mass. Eye and Ear is reporting the loss of its patient and research participant information to the individuals affected, and to the appropriate state and federal authorities.

The following types of information about affected individuals associated with Mass. Eye and Ear may have been present on Dr. Levine’s laptop:

  • Name,
  • Address,
  • Telephone numbers,
  • E-mail,
  • Date of birth and age,
  • Sex,
  • Medical record numbers,
  • Dates of service,
  • Medical information, including diagnoses, symptoms, test results, and prescriptions,
  • Name and contact information for patient pharmacies, and
  • Research participant status.

In addition, four individuals’ information also included their pharmacy insurance account number.

To the best of Mass. Eye and Ear’s knowledge, Social Security numbers, financial account numbers and credit card or debit card numbers of individuals associated with Mass. Eye and Ear were not present on the laptop.

Mass. Eye and Ear is sending letters to affected individuals at their last known address. The hospital has posted a notice on its website in the event that the contact information for affected individuals is out of date and to provide notice to individuals for whom Mass. Eye and Ear has no contact information.

Individuals who fit into one of the categories above, and who do not receive a letter directly from Mass. Eye and Ear, may contact the Mass. Eye and Ear Breach Response Center at 877-313-1395 to determine if they are affected.

Mass. Eye and Ear has no indication that the information on the stolen computer has actually been accessed or inappropriately used. The computer was password protected and contained a tracking device commonly referred to as “LoJack.” The tracking device contacted LoJack on March 9 when the stolen computer was connected to the internet in South Korea. LoJack was able to monitor the computer’s configuration and on-line use, and determined that:

  • A new operating system was installed on the computer following the theft, and
  • Software needed to access most of the information about affected Mass. Eye and Ear individuals had not been reinstalled.

On April 9 it was determined that it was unlikely that continued monitoring of the computer would lead to its retrieval, and a command was sent by LoJack to the computer permanently disabling the hard drive and rendering any information, including information about affected Mass. Eye and Ear individuals contained on the hard drive, permanently unreadable.

Despite the result of the tracking and destruction noted above, Mass. Eye and Ear is unable to know whether the information about affected Mass. Eye and Ear individuals on the computer was accessed between the date of the theft and March 9.

Should information have been inappropriately accessed, Mass. Eye and Ear does not believe that the information on the laptop regarding the affected Mass. Eye and Ear individuals presents a risk of financial identity theft. It is possible, however, that someone may be able to learn about affected Mass. Eye and Ear individuals’ medical care from the stolen data, and affected individuals may have a risk that someone may attempt to use that information to impersonate them in order to obtain medical care or medications in their name.

In order to protect affected Mass. Eye and Ear individuals, Mass. Eye and Ear is providing information on precautions that they can take to protect themselves against medical identity theft, and has arranged to provide them with one free year of credit monitoring, identity theft insurance and restoration services.

In order to prevent similar breaches from occurring in the future, Mass. Eye and Ear is updating its information security program, including, but not limited to, taking the following specific actions:

  • Deploying encryption to laptop computers that connect to Mass. Eye and Ear’s computer network, and
  • Providing education to Mass. Eye and Ear staff regarding limiting the amount of data stored on laptop computers.

Mass. Eye and Ear continues its investigation into the information on the stolen computer to determine whether there could be information about additional individuals associated with Mass. Eye and Ear that has not yet been detected. Should additional information be discovered, Mass. Eye and Ear will provide additional notices as appropriate.

“Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause,” said John Fernandez, Mass. Eye and Ear president and CEO. “We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future.”

Source: Mass. Eye and Ear

Category: Health Data
