This Laptop Theft Has an Unusual Twist

Thief Describes Dumping Computer in a Lake
This Laptop Theft Has an Unusual Twist

The theft of laptops is a very common cause of healthcare data breaches. But rarely is the thief caught, and even more rarely does the thief describe what happened to the device.

See Also: 10 Incredible Ways You Can Be Hacked Through Email & How To Stop The Bad Guys

In a recent South Carolina incident, police say two thieves not only confessed to the crime, but one also described how he went about trying to destroy the data contained on the device after supposedly regretting the theft.

On May 25, the unencrypted laptop computer was stolen from an administrative office of Self Regional Healthcare, a healthcare system in Greenwood, S.C., resulting in a breach affecting 39,000 patients.

Self Regional says in a statement on its website says that on May 27, after returning from the long Memorial Day weekend, employees discovered the laptop was stolen. The theft was determined to have occurred two days earlier when two unauthorized individuals broke into the building, which law enforcement officials tell Information Security Media Group is about a half-mile away from Self Regional's patient care facilities.

"Upon learning of the burglary, SRH contacted law enforcement and worked closely with them," the healthcare provider's statement notes. Two individuals, neither of whom worked for Self Regional, were arrested in the theft, Greenwood Police Chief Gerald Brooks tells ISMG. The investigation was helped by security surveillance video of the Self Regional facility, which assisted in police identifying the suspects and making an arrest on June 10, says Greenwood Police Captain Nick Futch.

Both of the thieves ended up confessing to the crime. One of the individuals responsible for stealing the laptop stated that he destroyed the computer with a sledgehammer and disposed of it off a pier into Lake Thurmond in McCormick, County, S.C., Brooks says.

"The individual who confessed to the theft said he woke up the next morning and felt regretful, so he'd battered up the laptop and then dropped it off a pier," Brooks says. However, because the laptop was encased in a carrying case, "it floated on the surface and drifted in the lake for a while before sinking," he says. The police sent divers into the lake to look for the computer based on that information, but have been unable to recover the stolen laptop, he says, noting that "the mud is very thick in the lake."

Both individuals were charged with burglary and released on bond, Futch says.

The Investigation

Self Regional CEO Jim Pfeiffer says in the statement that the organization retained third-party computer forensic experts to assist with the investigation of this incident. "Even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop, because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients' protected health information," he says.

The information contained on the laptop includes patients' names, Social Security numbers, driver's license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information, and possibly their addresses, Self Regional says.

The incident has been reported to the Department of Health and Human Services as well as to certain state regulators, the statement says.

Self Regional is also offering affected individuals access to one-year of free credit monitoring services.

Officials at the provider organization did not respond to ISMG's request for further comment on the incident.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.