Patients of California-based Santa Clara Valley Medical Center had their medical data compromised when an unencrypted laptop was stolen from the audiology department.

How many victims? Undisclosed, but roughly 250,000 adults and children were treated at the medical center in 2012.

What type of personal information? Names, medical record numbers, dates of birth, ages, genders, dates of service and brainwave testing information.

What happened? Staff discovered that an unencrypted laptop used for tests of hearing and containing personal patient data was stolen from the audiology department. 

What was the response? The medical center's compliance and privacy office is performing an investigation and is additionally cooperating with a law enforcement investigation. The medical center's compliance and privacy officer is reviewing policies with employees and providing training to the department. Any employee found violating standards will be made subject to disciplinary matters. Affected patients are being alerted via mail.

Details: Staff discovered the laptop was missing on Sept. 16. Letters were sent to affected patients on Sept. 27.

Quote: “[Santa Clara Valley Health and Hospital System] maintains high standards for the safeguarding of protected health information (PHI) and takes all potential or actual privacy breaches seriously,” said Lisa Pfeifer, acting compliance and privacy officer, in the letter.

Source:, “Letter to Notify Patients (PDF),” Sept. 27, 2013.