Personal information on more than 500 Cedars-Sinai Health System patients was compromised in June after a laptop was stolen from an employee's home.
How many victims? More than 500, but the hospital system is "still reviewing the data on the files to identify anyone who was potentially affected and [does] not yet have an estimate," a spokesperson told SCMagazine.com in a Monday email correspondence.
What type of personal information? Social Security numbers, medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as other unspecified personal information.
What happened? A laptop, which stored patients' information, was stolen in a June 23 burglary at an employee's home.
What was the response? The medical center cut off the laptop's remote access and opened up a phone line for possible victims. Cedars-Sinai then investigated the incident to manually and electronically monitor the affected files and identify patients whose information was stored on the device. Victims will be notified if their information is at risk.
Details: The stolen laptop was password-protected but didn't have additional encryption software installed. The laptop was used for troubleshooting software used in clinical laboratory reporting and was stolen along with personal items.
Quote: “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence,” said David Blake, Cedars-Sinai's chief privacy officer, in a press release.
Source: oag.ca.gov, “Cedars-Sinai Health System Issues Notice of Data Incident,” August 2014
UPDATE: Cedars-Sinai updated its estimate of affected victims and said that 33,136 patients' information was stored on the stolen laptop. The update comes after the hospital coordinated with a data forensics firm, according to the Los Angeles Times.