DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cedars-Sinai Health System to notify patients whose unencrypted information was on laptop stolen from an employee's home

Posted on August 22, 2014 by Dissent

Cedars-Sinai Health System Issues Notice of Data Incident

LOS ANGELES (Aug. 22, 2014) – Although there is no indication of any actual or attempted unauthorized access to health information, Cedars-Sinai Health System will be notifying certain patients who have the potential to be affected by the theft of a Cedars-Sinai-issued laptop computer that may have contained some of their health information. There is no indication that the laptop contained complete medical or billing records of any patient. Remote access from this laptop to the Cedars-Sinai computer network has been terminated.

While the laptop was password-protected, it did not contain additional encryption software, a violation of Cedars-Sinai policy. As a result, some information was potentially stored in temporary files on the laptop’s hard drive at the time of the theft.

“Cedars-Sinai takes the security of our patients’ health information very seriously, and has multiple security safeguards in place to protect health information,” said David Blake, Cedars-Sinai’s chief privacy officer. “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence.” The laptop, which was used by the employee for troubleshooting software used for clinical laboratory reporting, was stolen along with personal items of the employee in a June 23 burglary at the employee’s home. (The employee’s duties included being available outside of normal business hours to troubleshoot software problems as they occurred, which is why the laptop was at the home.) The employee immediately notified Cedars-Sinai and the local police of the theft. The local police investigation is ongoing, no arrests have been made, and the laptop has not been recovered.

Cedars-Sinai initiated a comprehensive investigation immediately after the laptop was reported stolen on June 23. Cedars-Sinai retained independent experts in computer forensics to manually and electronically review the files that may have been on the laptop at the time of the theft and to identify any Cedars-Sinai patients whose information may have been stored on the stolen device. This investigation is ongoing.

Cedars-Sinai is mailing letters next week to those identified as being potentially affected by the incident. Should the ongoing file review identify any additional individuals affected, Cedars-Sinai will notify them as well.

The specific information potentially available on the laptop varied depending on the individual, but consisted in general of some combination of medical record number, patient identification number, lab testing information, treatment information and diagnostic information. A small percentage of the files also contained the patient’s Social Security number or other personal information.

In an abundance of caution, Cedars-Sinai’s letter recommends that the potentially affected patients regularly review any Explanation of Benefits statement received from health insurance companies, and contact the health insurance company if there are services listed that the individual has not received. Cedars-Sinai is also recommending that all concerned individuals review account statements and monitor credit reports for suspicious activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. Free credit reports can be ordered at www.annualcreditreport.com or by calling 1-877-322-8228. The three major credit bureaus can also be contacted directly to request a free credit report: Equifax P.O. Box 105069, Atlanta, GA 30348-5069, 800-525-6285, www.equifax.com; Experian P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion P.O. Box 2000, Chester, PA 19022, 800-680-7289, www.transunion.com. For information about medical privacy rights, you may visit the website of the California Department of Justice, Privacy Enforcement and Protection Unit at www.privacy.ca.gov.

Cedars-Sinai is providing a confidential assistance line for individuals seeking additional information regarding this incident. The confidential assistance line operates is available at 877-218-2930 between 7 a.m. and 4 p.m. Pacific Time, Monday through Friday. (Callers should use reference number 3528081314 when calling the confidential assistance line.)

SOURCE: Cedars-Sinai, via the California Attorney General’s web site

Category: Uncategorized

Post navigation

← California “Vendor” In Identity Theft And Credit Card Fraud on Carder.su Sentenced To More Than Eight Years In Prison
More than 1,000 businesses affected by same malware as Target →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay
  • Ireland’s Data Protection Commission publishes 2024 Annual Report
  • The headlines suggested Freedman Healthcare suffered a ransomware attack that affected patient data. The reality was quite different.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.