Okay, here’s a breach I never saw reported anywhere in my usual sources, until I read about it in a lawsuit. Via Courthouse News’ Joe Harris:
A hospital and cancer center allowed a laptop computer stuffed with unencrypted, confidential information on its patients to be stolen, and did not notify patients of the data theft for 8 weeks, patients say in a class action.
Named plaintiff Rita Barricks claims the laptop was stolen during the weekend of Dec. 4, 2010 from Barnes-Jewish Hospital dba The Siteman Cancer Center, a joint venture between Washington University and Barnes-Jewish Hospital.
Barricks says the computer contained patients’ names, addresses, phone numbers, birth dates, Social Security numbers, medical records, diagnoses, lab results, email addresses, insurance information and employment information.
“WashU and BJC have a policy of encrypting the sensitive information of plaintiffs,” according to the complaint City Court. “However, the stolen laptop was unencrypted and contained unencrypted sensitive information.”
Barricks claims the defendants immediately knew about the theft, but waited 8 weeks – until Jan. 28 – to inform patients.
During that time, Barricks says, her identity was stolen.
Read more on Courthouse News.