Stolen laptop leaves Houston patient information at risk [Houston Chronicle]
(Houston Chronicle (TX) Via Acquire Media NewsEdge) Aug. 29--A laptop containing information concerning nearly 600 orthopedic patients has been stolen from a doctor affiliated with the University of Texas Health Science Center at Houston.
Notifying letters about the theft were mailed to the patients Wednesday, 26 days after the un-encrypted laptop was discovered missing from a locked closet in the orthopedic clinic. The laptop was attached to an electromyography machine used by a member of the health science center's medical practice group, known as UT Physicians.
"UT Physicians does not have any reason to believe that the information has been accessed or used by any unauthorized individual," says the letter, signed by Andrew Casas, UT Physicians' chief operating officer. "We believe that the laptop may have been taken for the value of the hardware, not to gain access to its data content."
No financial info
The laptop has not been recovered. An investigation, in conjunction with UT Police, is continuing.
Casas wrote that the laptop contains patient names, birth dates, medical record numbers and hand and arm image data. It does not include addresses, social security numbers or insurance or other financial information.
Nevertheless, Casas urged the 596 affected patients to review their health insurance activity as a precaution and report any suspicious activity.
The security breach is just the latest in the Texas Medical Center. Since 2010, there have been incidents at the UT Medical Branch at Galveston, UT M.D. Anderson Cancer Center, Houston Methodist Hospital and Texas Children's Hospital. M.D. Anderson's two breaches in 2012 involved the data of more than 32,000 patients.
'Not typical laptop'
The UT Houston health science center and physician group previously had encrypted more than 5,000 laptops, said chief information security officer Amar Yousif, but not the laptop in question. He described the computer as "not your typical laptop" because it uses a hard-to-obtain power source and propriety hardware and software. It was never attached to any wired or wireless network and its power cord is not missing.
Casas' letter says UT Physicians are conducting a physical search of all clinics and offices to ensure there are no other un-encrypted laptops or storage devices attached to medical equipment.
State and federal law requires letters of notification be mailed when compromised health information involves 500 or more patients.
(c)2013 the Houston Chronicle
Visit the Houston Chronicle at www.chron.com
Distributed by MCT Information Services
[ Back To Technology News's Homepage ]