New Breach: Stolen Laptop Disabled Remotely
Doctor was victim of theft in South Korea
The Massachusetts Eye and Ear Infirmary, a teaching hospital of Harvard Medical School, reports the laptop belonged to Robert Levine, M.D., a neurologist. It contained information on more than 3,500 patients he had treated between Feb. 3, 1988, and Feb. 16, 2010, as well as 68 others who were participants in a research project.
The organization notified South Korean police as well as state and federal authorities. Under the HITECH Act's breach notification rule, organizations must report breaches of unsecured health information involving more than 500 individuals to the Department of Health and Human Services and the media within 60 days.
The hospital believes that personal information on the laptop did not include Social Security numbers or credit information. The device, however, included patient names, addresses, phone numbers, dates of birth, medical record numbers and certain medical information.
Device disabled
The laptop, which was stolen Feb. 19, was equipped with a "LoJack for Laptops" tracking device from Absolute Software Corp., Vancouver, British Columbia. The tracking device automatically alerted Absolute on March 9 when the stolen computer was connected to the Internet in South Korea, the hospital reports.
The device determined that a new operating system had been installed on the computer after the theft and confirmed that the software needed to access most of the information about affected patients had not been reinstalled. On April 9, once the hospital determined it was unlikely that continued monitoring would lead to the computer's retrieval, a command was sent to the tracking device disabling the hard drive and rendering all information on it unreadable.
The Boston hospital notified all individuals who could have been affected by the breach and offered them one free year of credit monitoring and identity theft insurance.
To prevent similar breaches, the hospital is encrypting its laptops that link to its computer network and educating staff about limiting the amount of data stored on the portable devices.