Conn. AG Investigating Breach

Stolen Laptop Incident Prompts Inquiry
Conn. AG Investigating Breach

The recent theft of an unencrypted laptop computer containing information on more than 9,500 patients of a hospital and a home health agency has Connecticut's attorney general asking for an explanation.

See Also: Why Active Directory (AD) Protection Matters

Hartford Hospital and VNA HealthCare of Hartford, Conn., recently alerted the attorney general's office that a computer containing health information was stolen June 25 from the home of an employee of Greenplum, a subsidiary of EMC Corp.

At the time of the theft, Greenplum was performing data analysis for EMC on behalf of the organizations as part of a quality improvement project related to hospital readmissions, according to a statement issued by Hartford Hospital. The laptop contained information on 7,461 VNA HealthCare patients and 2,097 Hartford Hospital patients, the statement said. EMC has started an investigation, and the local police department has been notified.

The patient information on the stolen computer includes names, addresses, dates of birth, marital status, Social Security numbers, Medicaid and Medicare numbers, medical record numbers and certain diagnosis and treatment information.

On July 16, the day the hospital notified Connecticut Attorney General George Jepsen's office by phone about the incident, Jepsen sent a letter to an attorney for Hartford Hospital, requesting more information about the breach.

In the letter, Jepsen poses questions about the circumstances and timeline of the theft, the number of Connecticut residents affected, the forms of protected health information stored on the stolen device and measures being taken by Greenplum and the hospital to safeguard data since the incident.

A Hartford Hospital spokeswoman says the hospital is cooperating with the attorney general on the investigation. In addition, the spokeswoman says "the hospital and VNA are doing a lot to assist those who were affected," including providing two years of credit monitoring from AllClear ID and identity theft insurance, as requested by the AG's office.

In an Aug. 2 e-mail to HealthcareInfoSecurity, Assistant Attorney General Matthew Fitzsimmons says that his office hasn't yet received responses to its questions from the Hartford Hospital, "but [they] are expected soon after a mutually agreed upon extension to respond. We greatly appreciate the level of cooperation we have received thus far."

Fitzsimmons would not speculate on whether his office will proceed with any enforcement actions against the hospital. "While the investigation is ongoing, we will not comment on potential outcomes," he says.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.