Stolen Laptop: Breach Affects 34,000Howard University Hospital Notifies Patients
Howard University Hospital in Washington, D.C., is notifying more than 34,000 patients about a data breach involving the theft of a former contractor's unencrypted personal laptop computer from a vehicle.
The former contractor, who the hospital is not naming, downloaded the patient files to the laptop in violation of the hospital's policies and HIPAA guidelines, the hospital acknowledges in a statement on its website. The contractor, who ceased working for the hospital last December, reported the theft to police on Jan. 25.
The laptop included Social Security numbers of some of the patients; those patients are being offered one year's worth of free credit monitoring and identity theft alert coverage. Other data on the laptop includes names, addresses, identification numbers, medical records numbers, birth dates, admission dates, diagnosis-related information and discharge dates.
So far, there's no evidence that any of the patient files have been accessed, the hospital reports. In the wake of the incident, the hospital has strengthened its contractor policies to make clear that data and laptop encryption are required. Plus, the hospital has announced it is encrypting all laptops issued to staff members.
The hospital has posted a frequently asked questions guide on its website.