DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Stolen Laptop Compromises Patient Information

Posted on May 3, 2011 by Dissent

WMUR reports:

Speare Memorial Hospital in Plymouth (New Hampshire) is warning patients that a laptop computer with patient information was stolen last month.

Officials said the computer was in an employee’s locked car in Boston on April 3. It contained patient names, addresses, hospital account numbers, medical record numbers, and other patient and health information.

With one exception, no Social Security numbers, insurance information or credit card information was on the computer.

Okay, now that would have been bad enough – after all, what were such sensitive data doing on a laptop without encryption and then just left in an employee’s car? But the notification gets much worse from my perspective:

Hospital spokeswoman Michele Hutchins said the hospital believes the information might not be on the laptop any longer.

“Most likely this computer has been scrubbed, because the person who took it is was most interested in the hardware, but you can’t assume that,” she said.

That is just pure speculative bullshit. It is self-serving and minimizes the risk – and may mislead patients into not taking immediate and necessary steps to protect themselves.

For my money, breached entities should be be barred from making such statements.

The hospital said it immediately notified the nearly 6,000 patients affected and is working to beef up security. The employee who had the laptop has resigned.

“That management level administrator has since resigned because the confidential information was only designed to stay on the hospital’s secure server and not be saved on the hard drive of a portable computer,” said Michele Hutchins, hospital spokeswoman.

What do they mean “designed to stay on the secure server?” What prevented it from being downloaded to a portable device other than instructions to employees of “don’t do this?”

Seriously. When I read breach disclosures like this one, I really wish the government would just start handing out stiff fines.

The hospital’s statement, linked from its home page, reads:

Patients Notified of Potential Breach of Protected Health Information

Speare Memorial Hospital has been alerted that a laptop computer containing protected health information was stolen from an employee’s secured, parked automobile on April 3, 2011. The computer was password protected, however that does not afford complete protection from unauthorized access. The protected health information on the computer included patient names, and in some instances: patient addresses, hospital account numbers, medical record numbers, physician names, dates of service, procedure codes, and diagnosis codes.

Speare Memorial Hospital is fully committed to protecting all of the information that our patients have entrusted to us. Upon learning of this incident the day after, we immediately undertook a process to identify the extent of information on the computer and have sent a letter of notification to the patients affected by this potential breach. Additionally, we have engaged experts to assist us in identifying additional safeguards that would strengthen our current security measures, and a police report has been filed.

We sincerely regret this incident. Protecting our patients’ personal and health information privacy is very important to us and we will continue to do everything we can to correct this situation and fortify our security protections. We will be monitoring for any indication of misuse of patient information, and recommend that patients review their future hospital account statements closely.

Patients with questions or concerns regarding this matter should contact us at 866-331-1226 during our normal business hours Monday through Friday, or via email: [email protected]

So why does the notice say “potential breach?” THE DATA WERE STOLEN. And describing the employee’s car as “secured?” Seriously – a locked car is “secured?” Stop minimizing this, Speare.

Category: Health Data

Post navigation

← Woman Arrested for Identity Theft While Temping for Doctor's Office
Texas Comptroller dips into campaign fund to pay for credit restoration services →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.