DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cedars-Sinai Health System to notify patients whose unencrypted information was on laptop stolen from an employee's home

Posted on August 22, 2014 by Dissent

Cedars-Sinai Health System Issues Notice of Data Incident

LOS ANGELES (Aug. 22, 2014) – Although there is no indication of any actual or attempted unauthorized access to health information, Cedars-Sinai Health System will be notifying certain patients who have the potential to be affected by the theft of a Cedars-Sinai-issued laptop computer that may have contained some of their health information. There is no indication that the laptop contained complete medical or billing records of any patient. Remote access from this laptop to the Cedars-Sinai computer network has been terminated.

While the laptop was password-protected, it did not contain additional encryption software, a violation of Cedars-Sinai policy. As a result, some information was potentially stored in temporary files on the laptop’s hard drive at the time of the theft.

“Cedars-Sinai takes the security of our patients’ health information very seriously, and has multiple security safeguards in place to protect health information,” said David Blake, Cedars-Sinai’s chief privacy officer. “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence.” The laptop, which was used by the employee for troubleshooting software used for clinical laboratory reporting, was stolen along with personal items of the employee in a June 23 burglary at the employee’s home. (The employee’s duties included being available outside of normal business hours to troubleshoot software problems as they occurred, which is why the laptop was at the home.) The employee immediately notified Cedars-Sinai and the local police of the theft. The local police investigation is ongoing, no arrests have been made, and the laptop has not been recovered.

Cedars-Sinai initiated a comprehensive investigation immediately after the laptop was reported stolen on June 23. Cedars-Sinai retained independent experts in computer forensics to manually and electronically review the files that may have been on the laptop at the time of the theft and to identify any Cedars-Sinai patients whose information may have been stored on the stolen device. This investigation is ongoing.

Cedars-Sinai is mailing letters next week to those identified as being potentially affected by the incident. Should the ongoing file review identify any additional individuals affected, Cedars-Sinai will notify them as well.

The specific information potentially available on the laptop varied depending on the individual, but consisted in general of some combination of medical record number, patient identification number, lab testing information, treatment information and diagnostic information. A small percentage of the files also contained the patient’s Social Security number or other personal information.

In an abundance of caution, Cedars-Sinai’s letter recommends that the potentially affected patients regularly review any Explanation of Benefits statement received from health insurance companies, and contact the health insurance company if there are services listed that the individual has not received. Cedars-Sinai is also recommending that all concerned individuals review account statements and monitor credit reports for suspicious activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. Free credit reports can be ordered at www.annualcreditreport.com or by calling 1-877-322-8228. The three major credit bureaus can also be contacted directly to request a free credit report: Equifax P.O. Box 105069, Atlanta, GA 30348-5069, 800-525-6285, www.equifax.com; Experian P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion P.O. Box 2000, Chester, PA 19022, 800-680-7289, www.transunion.com. For information about medical privacy rights, you may visit the website of the California Department of Justice, Privacy Enforcement and Protection Unit at www.privacy.ca.gov.

Cedars-Sinai is providing a confidential assistance line for individuals seeking additional information regarding this incident. The confidential assistance line operates is available at 877-218-2930 between 7 a.m. and 4 p.m. Pacific Time, Monday through Friday. (Callers should use reference number 3528081314 when calling the confidential assistance line.)

SOURCE: Cedars-Sinai, via the California Attorney General’s web site

Related posts:

  • Unencrypted laptops still a major cause of breach reports to HHS
  • FEATURED: HHS starts to reveal healthcare breaches reported to government (updated)
  • NY: Mount Sinai Beth Israel Hospital reports stolen laptop
Category: Uncategorized

Post navigation

← California “Vendor” In Identity Theft And Credit Card Fraud on Carder.su Sentenced To More Than Eight Years In Prison
More than 1,000 businesses affected by same malware as Target →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.