One of the incidents added to HHS’s public breach tool this week involves a personal laptop stolen from a Mount Sinai Beth Israel Hospital employee. The incident reminds us of the risks of BYOD when the data are not encrypted.
I was able to locate a copy of the hospital’s press release on the incident:
Statement Regarding Theft of Laptop Computer at Mount Sinai Beth Israel
NEW YORK, NY – October 3, 2014 /Press Release/ – On August 8, 2014, a password-protected, personal laptop computer was stolen from a staff room on the premises of Mount Sinai Beth Israel. While the laptop was password-protected, its contents were not encrypted. Stored on the laptop were emails from an OB / GYN physician’s Mount Sinai Beth Israel email account that contained information on approximately 10,790 patients, including patient names, dates of birth, medical record numbers, dates of service, procedure codes and description of procedures, as well as clinical information about the care the patients received. Patient Social Security numbers, insurance information, addresses or telephone numbers were not stored on the laptop.
The theft of the device was reported to the New York City Police Department; additionally, Mount Sinai Beth Israel reported the incident to the Office for Civil Rights at the U.S. Department of Health and Human Services.
Mount Sinai Beth Israel has taken additional steps to enhance security at the Hospital with respect to safekeeping of personal property, including but not limited to installing additional door locks and security cameras; Mount Sinai Beth Israel has also initiated additional measures to further educate staff regarding Mount Sinai’s policies on data security.
Letters notifying affected patients were mailed on October 2, 2014. Patients and immediate families with any questions or concerns may call (212) 523-2162.