Breach, Threat Management, Data Security

20K notified of data breach at healthcare network Lifespan

Lifespan, a Rhode Island-based healthcare network, informed 20,000 patients that an employee laptop containing patient data went missing.

How many victims? About 20,000.

What type of information? The laptop – which was not encrypted or password-protected — held work emails and “may have contained patient information, including name, medical record number, demographic information such as partial address information, and the names of one or more medications that were prescribed or administered at Lifespan," said a statement from the company. Reportedly, no Social Security numbers, financial information, diagnoses or other clinical information were stored on the device.

What happened? The employee's Mac laptop was stolen from his car on Feb. 25.

What was the response? The employee immediately notified law enforcement and Lifespan. The company launched an investigation and "out of an abundance of caution" updated the employee's login credentials. It began sending out notices on April 21 and offered guidance on its site to affected people offering assistance and further information. The company said there was no indication that data on the laptop "has been accessed or used by anyone as a result of the theft." In its statement, Lifespan said it was in the process of improving "its policies, procedures and employee education to prevent such incidents."

Quote: “The information contained in the emails did not include patient Social Security numbers or financial information, nor did it include clinical information such as diagnosis." – Lifespan statement.

Source: Providence Journal

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.