I recently noted that HHS’s breach tool had revealed some breaches we hadn’t known about. One of them was from Brigham & Women’s Hospital in Massachusetts. I contacted them to request a copy of their statement or press release, and was told that because there were less than 500 patients affected in Massachusetts, they had not had to issue a substitute notice in the media. They did, however, kindly send me the following statement about the incident:
On or around Oct. 16, 2012, a desktop computer was reported stolen from a building at Brigham and Women’s Hospital. BWH believes that data related to 615 individuals may have been present on the stolen computer, and may include medical record number, age, medications, laboratory values or other clinical information. Individuals impacted by the theft were notified. BWH has no knowledge that any information on this computer has been accessed. BWH values our patients’ privacy and the security of our staff, and is committed to protecting both at all times. We are taking steps to reduce or prevent the risk of such events taking place in the future.
Thanks to the hospital for providing an explanation for the incident.
A previous version of this post incorrectly reported the number affected.