Conn. AG Investigating BreachStolen Laptop Incident Prompts Inquiry
The recent theft of an unencrypted laptop computer containing information on more than 9,500 patients of a hospital and a home health agency has Connecticut's attorney general asking for an explanation.
See Also: The Essential Guide To Machine Data
Hartford Hospital and VNA HealthCare of Hartford, Conn., recently alerted the attorney general's office that a computer containing health information was stolen June 25 from the home of an employee of Greenplum, a subsidiary of EMC Corp.
At the time of the theft, Greenplum was performing data analysis for EMC on behalf of the organizations as part of a quality improvement project related to hospital readmissions, according to a statement issued by Hartford Hospital. The laptop contained information on 7,461 VNA HealthCare patients and 2,097 Hartford Hospital patients, the statement said. EMC has started an investigation, and the local police department has been notified.
The patient information on the stolen computer includes names, addresses, dates of birth, marital status, Social Security numbers, Medicaid and Medicare numbers, medical record numbers and certain diagnosis and treatment information.
On July 16, the day the hospital notified Connecticut Attorney General George Jepsen's office by phone about the incident, Jepsen sent a letter to an attorney for Hartford Hospital, requesting more information about the breach.
In the letter, Jepsen poses questions about the circumstances and timeline of the theft, the number of Connecticut residents affected, the forms of protected health information stored on the stolen device and measures being taken by Greenplum and the hospital to safeguard data since the incident.
A Hartford Hospital spokeswoman says the hospital is cooperating with the attorney general on the investigation. In addition, the spokeswoman says "the hospital and VNA are doing a lot to assist those who were affected," including providing two years of credit monitoring from AllClear ID and identity theft insurance, as requested by the AG's office.
In an Aug. 2 e-mail to HealthcareInfoSecurity, Assistant Attorney General Matthew Fitzsimmons says that his office hasn't yet received responses to its questions from the Hartford Hospital, "but [they] are expected soon after a mutually agreed upon extension to respond. We greatly appreciate the level of cooperation we have received thus far."
Fitzsimmons would not speculate on whether his office will proceed with any enforcement actions against the hospital. "While the investigation is ongoing, we will not comment on potential outcomes," he says.