The sensitive information, including names, addresses, and Social Security numbers, went missing from a third-party vendor's warehouse.
A routine email sent to Dent Neurologic Institute patients mistakenly included the sensitive data of others receiving treatment.
Other personal information, such as names, contact information and dates of birth, was also compromised.
The laptop was password protected, but not encrypted. The theft marks the second breach in just over a year that affected the university health care system.
After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.
The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.
Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.
According to the FBI, the attack originated from a foreign IP address.
Last week, hospital officials began notifying patients of the February theft.
The records were stored by storage provider working with Glens Falls Hospital in New York.