DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Lucile Packard Children’s Hospital notifying 12,900 after laptop stolen from secured badge-access area

Posted on June 12, 2013 by Dissent

Lucile Packard Children’s Hospital is no stranger to stolen equipment containing PHI.  In January, 2010, they self-reported a breach involving a stolen desktop computer with PHI on 532 patients, and as recently as January, they notified 57,000 patients after a laptop was stolen from a physician’s car.  Now the hospital is notifying patients about another breach involving the theft of hardware with unencrypted PHI. From a statement on their web site:

Lucile Packard Children’s Hospital at Stanford is notifying patients by mail that a password-protected, non-functional laptop computer that could potentially contain limited medical information on pediatric patients was stolen from a secured, badge-access controlled area of the hospital sometime between May 2 and May 8, 2013. This incident was reported to Packard Children’s on May 8. Immediately following discovery of the theft, Packard Children’s launched an aggressive and ongoing investigation with security and law enforcement.

To date, there is no evidence that any pediatric patient data has been accessed by an unauthorized person or otherwise compromised.

What medical information was on the laptop?
The information that could potentially have been on the stolen computer related to operating room schedules, which the employee accessed as part of her work functions through Packard Children’s secure and encrypted electronic systems. The computer was password protected, but some information could have transferred to the laptop, and the laptop was not encrypted. The computer was outdated and damaged, thus on a schedule for collection by information technologists.

The information did not include financial or credit card information, nor did it contain Social Security numbers, insurance numbers or any other marketable information. The information on the operating room schedule that could have transferred to the computer would have been patient names, ages, medical record number, telephone number, scheduled surgical procedure, and name of physicians involved in the procedure over a three-year period beginning in 2009. To date, there is no evidence that any patient data has been accessed by an unauthorized person or otherwise compromised.

How many patients were potentially affected?
Out of an abundance of caution, we are providing outreach to approximately 12,900 patients, and we are assuring they are notified promptly.

When did the notifications begin?
Notifications to federal and state regulators, affected individuals and parents, and the media are under way as of June 11. Due to the law enforcement investigation, such notifications were delayed, as permitted by law, to avoid impeding the investigation.

How are potentially affected individuals being notified?
In addition to the mailed letters, a toll-free phone line has been established to answer questions for those notified. The toll-free number is (855) 683-1168, and is available Monday through Saturday from 6 a.m. to 6 p.m. PST. In addition, potentially affected individuals have been offered the option of free identity protection services.

How is the investigation proceeding?
So far, efforts to recover the computer have been unsuccessful, but the law enforcement investigation is still ongoing.

Lucile Packard Children’s Hospital strives to be an industry leader in the area of medical information security. As a result of this incident, we are taking additional steps to further strengthen our policies and controls surrounding the protection of patient data.

News Release
http://www.lpch.org/aboutus/news/releases/2013/patient-notification.html

Category: Health Data

Post navigation

← House panel to probe alleged seizure of medical records by IRS
U.K.: Fax blunder leads to £55,000 penalty for Staffordshire trust →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay
  • Ireland’s Data Protection Commission publishes 2024 Annual Report
  • The headlines suggested Freedman Healthcare suffered a ransomware attack that affected patient data. The reality was quite different.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.