Los Angeles-based health system breached; more than 500 patients affected

Share this article:

Personal information on more than 500 Cedars-Sinai Health System patients was compromised in June after a laptop was stolen from an employee's home.

How many victims? More than 500, but the hospital system is "still reviewing the data on the files to identify anyone who was potentially affected and [does] not yet have an estimate," a spokesperson told SCMagazine.com in a Monday email correspondence.

What type of personal information? Social Security numbers, medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as other unspecified personal information.

What happened? A laptop, which stored patients' information, was stolen in a June 23 burglary at an employee's home.

What was the response? The medical center cut off the laptop's remote access and opened up a phone line for possible victims. Cedars-Sinai then investigated the incident to manually and electronically monitor the affected files and identify patients whose information was stored on the device. Victims will be notified if their information is at risk.

Details: The stolen laptop was password-protected but didn't have additional encryption software installed. The laptop was used for troubleshooting software used in clinical laboratory reporting and was stolen along with personal items.

Quote: “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence,” said David Blake, Cedars-Sinai's chief privacy officer, in a press release.

Source: oag.ca.gov, “Cedars-Sinai Health System Issues Notice of Data Incident,” August 2014

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in The Data Breach Blog

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.

Central Utah Clinic notifies over 30K patients of potential HIPAA breach

The clinic is warning patients of a potential breach after an unauthorized party accessed a server.