Breach Involves Laptop Thefts

California health system warns 5,450 patients
Breach Involves Laptop Thefts
John Muir Health, a Walnut Creek, Calif.-based health system, is notifying 5,450 patients about a potential breach of information stemming from the theft of two unencrypted laptop computers.

The laptops were stolen in February from the John Muir Network Perinatal Office in Walnut Creek. They contained personal and health information going back more than three years.

Although the laptops were not encrypted, they were password protected and "contained data in a format that would not be readily accessible," said Hala Helm, vice president, chief compliance and privacy officer. "While we have no evidence that the information has been accessed or used inappropriately, we cannot rule out that possibility."

Many of the major breach cases tallied by the Department of Health and Human Services' Office for Civil Rights involve the theft or loss of laptops and other devices. The tally now includes about 56 breaches confirmed since September, when new reporting requirements kicked in.

Under the HITECH Act's breach notification rule, such incidents must be reported to HHS and the media within 60 days.

Preventive steps

John Muir Health, which owns two hospitals, is providing those who may be affected with a free identity theft protection program from Equifax for one year. It's recommending patients place a fraud alert on their credit files.

As a result of the incident, John Muir is implementing additional safeguards, Helm says. "Patient information stored on laptops at the perinatal office is now encrypted, and the laptops are locked down," he says. "Encryption software is also being installed on John Muir Health laptops throughout the organization."

The organization is working with local law enforcement officials investigating the theft.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.