Carlos Sadovi reports:
Nearly 3,000 patients are being notified that a laptop computer stolen in October contained health information from patients of the Northwestern Memorial Healthcare group, hospital officials said Friday
The 2,800 people had been patients of Northwestern Medicine Lake Forest Hospital, Northwestern Memorial Hospital and Northwestern Medical Group, officials said in press release late Friday.
Officials said that they were notified of the theft on Oct. 21.
The laptop computer, which was password protected and “yet unencrypted” contained patient information when it was inside an employee’s vehicle that was stolen on Oct. 21.
Read more on Chicago Tribune.
A notice posted to the hospital’s web site reads:
Northwestern Lake Forest Hospital, Northwestern Memorial Hospital, and Northwestern Medical Group, affiliates of Northwestern Memorial HealthCare (collectively NMHC”), are committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
On October 21, 2014, we learned that a password protected, unencrypted laptop containing patient information was inside an employee’s vehicle that was stolen on that same date. The employee immediately contacted law enforcement who began an investigation. We also immediately began an internal investigation, including hiring an outside expert forensics firm to recreate the data on the laptop. Our investigation determined that the laptop may have contained patients’ names, addresses, dates of birth, health insurance information, billing codes, date of services, physician’s name, medical record numbers, diagnosis, treatment information, and, in some limited instances, Social Security numbers. Patients’ credit card and bank account information were not on the laptop.
This incident did not affect all NMHC patients, and NMHC sent letters notifying affected patients.
At this time, we have no knowledge that this information has been used in any way. However, as a precaution, we began sending letters to affected patients on December 19, 2014, and have established a dedicated call center to answer questions that patients may have. If you believe you are affected but do not receive a letter by January 9, 2014, please call 888-266-9276, Monday through Friday, from 8:00 AM to 8:00 PM Central Time.
We deeply regret any inconvenience this may cause you. NMHC has a robust privacy and security program, including encryption of laptop computers. To help prevent something like this from happening again, NMHC is confirming and ensuring encryption of all laptop computers and reinforcing education with our staff on the importance of handling patients’ information securely.