A laptop containing the demographic and health information of thousands of patients was stolen from a physician affiliated with the Massachusetts Eye and Ear Infirmary.

How many victims? 3,526.

What type of personal information? Compromised information may have included: names, addresses, telephone numbers, email addresses, birth dates, ages, sex, medical record numbers and dates of service. In addition, the compromised information may have included medical information, such as diagnoses, symptoms, test results and prescriptions, along with patient pharmacy information. Information on four individuals also included their pharmacy insurance account numbers.

What happened? The laptop, which belonged to a neurologist who focuses on ringing in the ears, was stolen on February 19 while the physician was lecturing in South Korea.

Details: The laptop contained information about patients who were treated by the physician between Feb. 3, 1988 and Feb. 16, 2010, and of a small number of individuals who participated in tinnitus research.

The computer was password protected and contained a tracking device that on April 9 was used to permanently disable the hard drive and render any information, including information about affected patients, permanently unreadable.

There is no indication that the information on the stolen computer was accessed or used inappropriately .

Quote: "Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause," John Fernandez, Mass. Eye and Ear president and CEO said in a statement. "We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future."

What was the response?  Letters are being sent to affected individuals at their last known address. In addition, the hospital has posted a notice about the breach on its website.

Affected individuals are being offered a free year-long subscription for credit monitoring, identity theft insurance and restoration services.

To prevent future breaches, Mass. Eye and Ear is updating its information security program by deploying encryption to laptop computers that connect to the organization's computer network. In addition, employees are being provided education about the importance of limiting data stored on laptops.

Source: http://www.masseyeandear.org, Massachusetts Eye and Ear Infirmary, “Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach,” April 20, 2010.