Unencrypted medical laptop goes missing, compromising patients

Share this article:

Information may have been compromised for patients of UT Physicians – the medical practice at University of Texas Health Science Center at Houston (UTHealth) – after an unencrypted laptop containing the data was reported missing.

How many victims? 596 patients had information stored on the laptop.

What type of personal information? Names, birth dates and medical record numbers, as well as hand and arm image data.

What happened? An unencrypted laptop containing patient data was discovered to be missing from a locked closet in the UT Physicians orthopedic clinic.  

What was the response? UT Physicians notified the police and commenced a search for the laptop, which remains missing. The Texas medical practice sent letters to affected patients, alerting them of the incident. UTHealth is checking the more than 5,000 laptops in use to ensure the machines are encrypted and are also tightening procedures for the purchase of medical equipment. Additional review and inventory processes have been established and the medical group has invested in hardware, software and personnel to ensure a similar incident does not occur again. An investigation is ongoing.

Details: The unencrypted laptop – a specialized computer attached to an electromyography machine – was reported missing from a locked closet in the UT Physicians orthopedic clinic on Aug. 2. The laptop had previously been used on July 19. UT Physicians began sending out letters to affected patients on Aug. 28. The laptop remains missing.

Quote: “UT Physicians is committed to patient privacy and deeply regrets that this incident occurred,” according to a post on the UT Physicians website. “Encryption of all laptops has been the policy at UT Physicians and UTHealth for the last two years. To date, all known laptops – more than 5,000 – have been encrypted. The medical group and UTHealth have taken steps to ensure that the missing laptop in the orthopedic clinic is an isolated incident.”

Source: utphysicians.com, “UTHealth informs patients of incident related to patient information,” Aug. 28, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.

Marquette University notifies graduate applicants of possible breach

Settings for an internal file server were inadvertently modified, making graduate school applications accessible to anyone with Marquette University login credentials.