Eric Berger reports:
A laptop computer containing information on 30,000 patients at the University of Texas M.D. Anderson Cancer Center has been stolen.
The loss, reported Thursday, is one of the largest of its kind at a Texas Medical Center institution.
The data included specific medical information on about 10,000 of the patients, and was on an unencrypted computer stolen from an M.D. Anderson faculty member’s home on April 30.
Read more on Houston Chronicle. A statement on the cancer center’s web site reads:
The University of Texas MD Anderson Cancer Center (MD Anderson) takes its patients’ privacy seriously. The confidentiality of the information we maintain for our patients is an important part of the fundamental trust that we share with them and their families. Regrettably, this notice concerns an incident related to that information.
On April 30, 2012, an unencrypted laptop computer was stolen from an MD Anderson faculty member’s home. The faculty member notified the local police department. MD Anderson was alerted to the theft on May 1, and immediately began a thorough investigation to determine what information was contained on the laptop. After a detailed review with outside forensics experts, we have confirmed that the laptop may have contained some of our patients’ personal information, including patients’ names, medical record numbers, treatment and/or research information, and in some instances Social Security numbers. We have no reason to believe that the laptop was stolen for the information that it contained. We have been working with law enforcement, but to date the laptop has not been located.
We are taking steps to prevent this from happening in the future, including accelerating our efforts to encrypt all MD Anderson computers. This technology scrambles each computer’s data to make it more difficult for unauthorized users to retrieve any information. We also are reinforcing with all employees our privacy policies in the handling of patient information. We began mailing letters on June 28 to all patients who were affected. If you believe you were affected and you have not received a letter by July 16, please call 1-877-441-3007, Monday through Saturday, from 8:00 a.m. to 8:00 p.m. Central Time. All addresses have been processed through the United States Postal Service’s National Change of Address database, so you do not have to call to update your information unless you do not receive a letter by July 16.
We deeply regret any inconvenience this incident may cause our patients.