Healthcare News & Insights

2 more data breaches caused by laptop thefts

A Boston hospital recently reported a data breach that occurred after a doctor’s personal laptop containing patient information was stolen during a robbery. Now, two other healthcare organizations have had patient information stolen due to laptop thefts. 

Recently, Hartford Hospital in Connecticut and Northwestern Memorial Hospital in Chicago both reported data breaches that occurred because laptops were stolen.

In the Hartford breach, the incident involved the employee of a data analysis firm the hospital had contracted with. The employee was performing work as part of a quality improvement project involving hospital readmissions, and a laptop containing patient information was stolen from the person’s home.

The information wasn’t encrypted, but in an announcement, hospital officials said they didn’t believe any of the data had been misused. After the employee reported the theft, the contractor started an investigation and notified the hospital immediately. Information about close to 10,000 patients may have been affected.

The Northwestern breach occurred when six laptop and tablet computers were stolen from the hospital’s main offices in June. Names, addresses, birth dates, Social Security numbers, medical treatment data and other protected health information from an undisclosed number of patients may be at risk.

Normally, the information would have been protected by several security controls, hospital officials said, but those controls were suspended at the time of the theft because the computers were receiving software upgrades.

These two data breaches can teach other healthcare organizations some lessons on how to prevent problems of their own:

  1. Make sure third parties properly protect data. Hartford announced that it has begun “doing everything in [its] power” to make sure all contractors encrypt any protected health information that they hold.
  2. Encrypt data at all times. It’s unclear what security controls were in place on Northwestern’s computers or why they had to be bypassed to run software updates, but it’s a good idea to keep sensitive data encrypted at all times and no matter what device is being used to store it.
  3. Pay attention to physical security. When trying to protect digital information, most organizations focus on encryption, firewalls and other technical security controls. But as these incidents show, physical thefts also put data at risk.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.