Los Angeles-based health system breached; more than 500 patients affected

Share this article:

Personal information on more than 500 Cedars-Sinai Health System patients was compromised in June after a laptop was stolen from an employee's home.

How many victims? More than 500, but the hospital system is "still reviewing the data on the files to identify anyone who was potentially affected and [does] not yet have an estimate," a spokesperson told SCMagazine.com in a Monday email correspondence.

What type of personal information? Social Security numbers, medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as other unspecified personal information.

What happened? A laptop, which stored patients' information, was stolen in a June 23 burglary at an employee's home.

What was the response? The medical center cut off the laptop's remote access and opened up a phone line for possible victims. Cedars-Sinai then investigated the incident to manually and electronically monitor the affected files and identify patients whose information was stored on the device. Victims will be notified if their information is at risk.

Details: The stolen laptop was password-protected but didn't have additional encryption software installed. The laptop was used for troubleshooting software used in clinical laboratory reporting and was stolen along with personal items.

Quote: “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence,” said David Blake, Cedars-Sinai's chief privacy officer, in a press release.

Source: oag.ca.gov, “Cedars-Sinai Health System Issues Notice of Data Incident,” August 2014

UPDATE: Cedars-Sinai updated its estimate of affected victims and said that 33,136 patients' information was stored on the stolen laptop. The update comes after the hospital coordinated with a data forensics firm, according to the Los Angeles Times.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.

Fidelity National Financial employees targeted in phishing attack

Data is at risk after the email accounts of a small number of employees with Fidelity National Financial were compromised in a targeted phishing attack.