On Friday, Thomas Jefferson University Hospital in Philadelphia notified 21,000 patients that a laptop computer containing their unencrypted personal data including names, birth dates, insurance information and social security numbers was stolen from an office at the hospital on June 14.
The laptop was password-protected; Still, the data could be accessed since it was not encrypted as required by the hospital. Jefferson has written letters to each of the effected patients and hired Kroll Inc. to conduct an internal investigation and provide identify theft protection and ongoing monitoring.
Jefferson’s president and chief executive, Thomas J. Lewis, urged all the patients who get the letters from him to use the individual id codes and activate the identity theft protection by Kroll.
“As upsetting it is for me, I know it is even more upsetting for the people who have gone through it and I am really sorry that they have to deal with this,” Lewis said in an interview.
Since the computer was reported missing, Lewis said the hospital has engaged in a broad review of its policies and procedures to “try to make it fool-proof that this can’t happen again at Jefferson.”
That involved fixing flaws in the system that enabled the data to be moved from the hospital’s computer system to the employee’s laptop. The employee violated hospital policy by copying the data, and would be subject to “appropriate action,” Lewis said.
He declined to go into specifics of the personnel action.
So far, Jefferson has not been notified that any of the personal information has been accessed or used inappropriately, but Lewis emphasized that it was critical for the patients to activate their Kroll identity theft protection as soon as possible.
A similar loss of private patient information occurred last December at Children’s Hospital of Philadelphia when an employee’s laptop computer containing data including social security numbers on 942 patients was stolen from a car parked at the employee’s home.
On Tuesday, Cooper University Hospital in Camden reported that a flash drive containing social security numbers, addresses and phone numbers of medical residents and fellows was missing.
“The hospital is conducting a thorough investigation and has initiated an aggressive plan to protect any personnel who could be affected by this potential security breach,” Cooper said in a statement.
The problem of personal data being lost or stolen from hospitals extends across the nation.
On July 20, South Shore Hospital in South Weymouth, Mass. reported that computer files containing 14 years of personal, health and financial information of patients, vendors, employees and others “may have been lost by a professional data management company.” An estimated 800,000 people were potentially affected by that loss.
To check out more Check Up items go to www.philly.com/checkup.