DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Stolen Laptop Compromises Patient Information

Posted on May 3, 2011 by Dissent

WMUR reports:

Speare Memorial Hospital in Plymouth (New Hampshire) is warning patients that a laptop computer with patient information was stolen last month.

Officials said the computer was in an employee’s locked car in Boston on April 3. It contained patient names, addresses, hospital account numbers, medical record numbers, and other patient and health information.

With one exception, no Social Security numbers, insurance information or credit card information was on the computer.

Okay, now that would have been bad enough – after all, what were such sensitive data doing on a laptop without encryption and then just left in an employee’s car? But the notification gets much worse from my perspective:

Hospital spokeswoman Michele Hutchins said the hospital believes the information might not be on the laptop any longer.

“Most likely this computer has been scrubbed, because the person who took it is was most interested in the hardware, but you can’t assume that,” she said.

That is just pure speculative bullshit. It is self-serving and minimizes the risk – and may mislead patients into not taking immediate and necessary steps to protect themselves.

For my money, breached entities should be be barred from making such statements.

The hospital said it immediately notified the nearly 6,000 patients affected and is working to beef up security. The employee who had the laptop has resigned.

“That management level administrator has since resigned because the confidential information was only designed to stay on the hospital’s secure server and not be saved on the hard drive of a portable computer,” said Michele Hutchins, hospital spokeswoman.

What do they mean “designed to stay on the secure server?” What prevented it from being downloaded to a portable device other than instructions to employees of “don’t do this?”

Seriously. When I read breach disclosures like this one, I really wish the government would just start handing out stiff fines.

The hospital’s statement, linked from its home page, reads:

Patients Notified of Potential Breach of Protected Health Information

Speare Memorial Hospital has been alerted that a laptop computer containing protected health information was stolen from an employee’s secured, parked automobile on April 3, 2011. The computer was password protected, however that does not afford complete protection from unauthorized access. The protected health information on the computer included patient names, and in some instances: patient addresses, hospital account numbers, medical record numbers, physician names, dates of service, procedure codes, and diagnosis codes.

Speare Memorial Hospital is fully committed to protecting all of the information that our patients have entrusted to us. Upon learning of this incident the day after, we immediately undertook a process to identify the extent of information on the computer and have sent a letter of notification to the patients affected by this potential breach. Additionally, we have engaged experts to assist us in identifying additional safeguards that would strengthen our current security measures, and a police report has been filed.

We sincerely regret this incident. Protecting our patients’ personal and health information privacy is very important to us and we will continue to do everything we can to correct this situation and fortify our security protections. We will be monitoring for any indication of misuse of patient information, and recommend that patients review their future hospital account statements closely.

Patients with questions or concerns regarding this matter should contact us at 866-331-1226 during our normal business hours Monday through Friday, or via email: [email protected]

So why does the notice say “potential breach?” THE DATA WERE STOLEN. And describing the employee’s car as “secured?” Seriously – a locked car is “secured?” Stop minimizing this, Speare.

Category: Health Data

Post navigation

← Woman Arrested for Identity Theft While Temping for Doctor's Office
Texas Comptroller dips into campaign fund to pay for credit restoration services →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.