Cedars-Sinai Breach Affects 33,000Laptop Computer Stolen from Employee's Home
Cedars-Sinai Health System in Los Angeles says approximately 33,000 patients were affected by a data breach involving the theft of an unencrypted laptop computer from an employee's home.
The laptop, which the employee used for troubleshooting clinical laboratory reporting software, was stolen, along with personal items, from the employee's home on June 23. There has been no indication of any actual or attempted unauthorized access to the health information on the laptop, Cedars-Sinai says.
The employee's duties included being available outside of normal business hours to troubleshoot software problems as they occur, which is why the laptop was at the worker's home at the time of the burglary, Cedars-Sinai says. The employee immediately notified Cedars-Sinai and the local police of the theft. An investigation is ongoing, and the laptop has not been recovered, the organization says.
The laptop's lack of encryption was a violation of Cedars-Sinai policy, the health system reports. As a result of the incident, the organization is now re-confirming the encryption status of all laptops.
The patient information on the laptop included some combination of medical record number, patient identification number, lab testing information, treatment information and diagnostic information, the health system reports. A small percentage of the files, involving about 1,500 patients, also contained Social Security numbers or other personal information.
Patients whose Social Security numbers were on the laptop are being offered free credit monitoring for one year.
Cedars-Sinai, which first reported the breach in August, initially reported to regulators and the news media that the stolen laptop contained information pertaining to at least 500 patients. "Cedars-Sinai did not know the total number of patients affected at the time we were required to notify regulators and did not have sufficient information to indicate the scope of the breach," the organization says. Following the incident, Cedars-Sinai launched an investigation with the help of independent computer forensics experts.