NEW YORK, July 23, 2012 – NYU Langone Medical Center notified patients this week that a desktop computer containing personal health information was discovered stolen from the Faculty Group Practice office of John G. Golfinos, MD, chair of the Department of Neurosurgery on May 23, 2012. Although the computer was not encrypted, it was password protected and additional software would be needed to retrieve any data files, minimizing the risk that the information would actually be accessed.
In addition to data from Dr. Golfinos’ office, the stolen computer also contained patient data from the practices of Erik C. Parker, MD, associate professor of neurosurgery as well as the former practice of neurosurgeon Patrick J. Kelly, MD. The data on the computer was duplicated by the medical center prior to the theft, so no clinical information was permanently lost.
The computer contained data of about 8,400 patients, of which approximately 5,000 contained social security numbers. NYU Langone Medical Center is offering identity theft protection to all patients whose social security numbers may have been compromised. Other data on the computer includes name, address, date of birth, telephone number, insurance information, and clinical information related to visits to these physicians. There is no indication at this time that the information on the stolen computer has been accessed, misused, or disclosed in any way.
This incident was promptly reported to both NYU Langone Medical Center Security and the New York City Police Department and will be reported to the Office of Civil Rights, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Though security cameras did capture video of the individual suspected of the theft and was shared with police, the person responsible for the theft has not yet been identified, and the computer has not been recovered.
NYU Langone Medical Center is committed to protecting the privacy and security of our patients’ medical information and since this incident has taken affirmative steps and additional security measures, including moving protected health information from desktop computers to secure network drives and retraining staff regarding proper safeguarding of private patient information.
NYU Langone Medical Center’s Office of Compliance has set up a dedicated telephone line to answer patient’s questions regarding this issue. Our dedicated team can be reached at (877) 615-3775.
Source: NYU Langone Medical Center.
For other breaches reported by the center, see previous coverage on this blog.