Los Angeles-based health system breached; more than 500 patients affected
Personal information on more than 500 Cedars-Sinai Health System patients was compromised in June after a laptop was stolen from an employee's home.
How many victims? More than 500, but the hospital system is "still reviewing the data on the files to identify anyone who was potentially affected and [does] not yet have an estimate," a spokesperson told SCMagazine.com in a Monday email correspondence.
What type of personal information? Social Security numbers, medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as other unspecified personal information.
What happened? A laptop, which stored patients' information, was stolen in a June 23 burglary at an employee's home.
What was the response? The medical center cut off the laptop's remote access and opened up a phone line for possible victims. Cedars-Sinai then investigated the incident to manually and electronically monitor the affected files and identify patients whose information was stored on the device. Victims will be notified if their information is at risk.
Details: The stolen laptop was password-protected but didn't have additional encryption software installed. The laptop was used for troubleshooting software used in clinical laboratory reporting and was stolen along with personal items.
Quote: “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence,” said David Blake, Cedars-Sinai's chief privacy officer, in a press release.
Source: oag.ca.gov, “Cedars-Sinai Health System Issues Notice of Data Incident,” August 2014