The Lucile Packard Children’s Hospital (LPCH) announced Monday the theft of a laptop containing patient medical information, an incident that has potentially affected up to 57,000 patients. The hospital has since notified affected individuals.
The laptop was stolen from a physician’s car at an off-campus location on the night of Jan. 9. While a police investigation was opened the following day, the laptop has yet to be recovered.
According to a press release from the LPCH, the laptop’s data was “predominantly from 2009 and related to past care and research.” The laptop contained basic patient details and medical descriptors but no financial information, Social Security numbers or any “marketable information.”
The laptop was also password-protected, and the LPCH has “no indication that any of the patient information has been accessed or compromised,” according to Robert Dicks, LPCH spokesman.
“Immediately following discovery of the theft, Packard Children’s Hospital and the School of Medicine notified law enforcement and internal security and launched an aggressive investigation, which is still under way,” the LPCH press release said.
Dicks framed the theft as a prompt to further increase safeguards on patient data – through methods like improved data encryption – in order to prevent similar incidents in the future.
“We really strive to be industry leaders in information security and we’re using the theft to further strengthen policies and controls surrounding the protection of patient data,” Dicks said.
According to Dicks, the last time a similar occurrence transpired was in January 2010, when a password-protected desktop computer containing patient scheduling information was stolen. That incident, which affected 532 patients, prompted a $250,000 fine due to the delay of the hospital’s response. It was later reduced to $1,100, according to Dicks.
The hospital has offered potentially affected patients the option of receiving free identity protection services, and has established a toll-free line for patients to inquire about the status of their personal information.