Encrypted Laptop Stolen While in Use

Thief takes device from hospice patient's home
Encrypted Laptop Stolen While in Use
Sometimes, even encryption is not enough to protect a laptop from a breach, a Chicago-area hospice has learned. An encrypted laptop that a hospice employee was using during a home visit to a new patient was stolen while the device was on and an electronic records system was open.

Because the records system was on when the laptop was stolen, the encryption was not activated and the thief could have accessed some patient information, a spokesman for Rainbow Hospice and Palliative Care in Park Ridge acknowledges. As a result, the hospice alerted the 999 patients whose information was on the device about the incident.

Under the HITECH Act's Breach Notification Rule's safe harbor, breach incidents involving encrypted data do not have to be reported. But in this case, the theft had to be reported to patients and federal authorities because the stolen device had a records system open, a hospice spokesman says.

In its letter to patients, the hospice offered one year's worth of identity protection through Debix Inc. "to help ease concerns and safeguard our patients from possible misuse of their personal information," according to a statement.

The hospice and Chicago police, however, have not received any reports of information on the device being used for fraudulent purposes. Once the computer was turned off, the thief would have had to navigate through multiple password protections as well as the encryption system to view data, the hospice spokesman notes.

Data on the laptop included patients' names, addresses, dates of birth, Social Security numbers, insurance information and certain healthcare information.

In addition to encrypting all its laptops using the standard specified in the HITECH Act, the hospice is now increasing password complexity, the spokesman says. It's also installing the LoJack for Laptops theft recovery service from Absolute Software Corp., which can help locate stolen devices.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.