The Maryville Daily Times reports:
Blount Memorial Hospital has informed patients of the theft of a hospital laptop containing registration records of Blount Heart Consultants.
The laptop was reported stolen from an employee’s home on Aug. 25 and has not yet been recovered.
Read more on The Maryville Daily Times. There does not seem to be any notice on the hospital’s web site at the time of this posting although they apparently sent out a press release. I’ll update this entry if/when I find the full release or notice but The Maryville Daily Times provides details on types of information, etc.
Update: The hospital’s statement is linked from a “Learn More” button on the home page next to text saying “Privacy Information Center.” Would you take that as a breach alert and follow the link?
The FAQ on the breach makes clear that “Information contained on the laptop included only patient registration records, meaning only your billing address as it was supplied on your registration forms. No payment statuses, credit card or bank account information was contained on the laptop in question.” The FAQ also states that some employees are allowed to take hospital equipment home with them, as required by their jobs and responsibilities. There is no statement as to whether the laptop was supposed to have been encrypted and whether the employee had followed all security protocols.
Update: Blount reported to HHS that 27,799 were affected.