Hospital Laptop Stolen; Info On 7,800 Patients At Risk

A laptop stolen from a secure office in a Texas hospital group is putting at risk identifying information on 7,800 patients without health insurance.

The Seton Family of Hospitals reported last week that a security camera captured video of the thief carrying out a laptop and a projector. The laptop contained identifying personal information such as Social Security numbers, dates of birth, and insurance program numbers.

The Austin Police Department has been notified.

The data captured on the stolen computer contains information from a shared database that's used by Seton, as well as several other local health care providers, to determine if patients seeking medical attention who are uninsured may be eligible for other funding sources, according to a written release on the Seton Web site.

The stolen information was regarding patients who sought care as part of an outpatient or clinic visit since July 1, 2005, and did not have health insurance, Seton said, estimating that data on 7,800 patients may have been lost.

Seton said in the release that it's working closely with the other health care providers to notify all affected patients.

Password-protecting the information was "designed to make it difficult to break and none of the entries on the computer included actual health information, such as diagnosis or treatment," said Greg Hartman, a senior VP at Seton Family of Hospitals, in a written statement. "Still, for some entries, Social Security numbers, dates-of-birth and insurance program numbers, like CHIP or Medicaid, may be included."

Hartman also concedes in the statement that a "determined" hacker could break the password and adds that hospital executives are taking this "very seriously" and are working with law enforcement to help find the stolen computer.

"We are very concerned that we experienced this theft at one of our secured locations," Hartman said. "While the theft of this computer certainly represents a crime, we regret that the potential access to patient data occurred in the first place. Our goal is to assure everyone that we are moving quickly to notify individuals who may be affected and will keep [patients] apprised on an on-going basis. We also want to encourage them to take steps to help safeguard themselves against identity theft."

Seton has established a toll-free number, 888-325-3456, for anyone who has questions about the data breach. People affected also can go to the hospital's special Web site for additional information about the theft and information about protecting themselves from identity theft.

This is the second time this month that a hospital has admitted to a data breach.

Earlier this month, Johns Hopkins disclosed that it lost the personal data on roughly 52,000 employees and 83,000 patients. The Maryland organization, which comprises Johns Hopkins University and Johns Hopkins Hospital, reported that nine backup computer tapes were not returned from a contractor, which routinely takes them and makes microfiche backups of them. Eight of the tapes, according to a notice on Johns Hopkins' Web site, contain "sensitive" personal information on employees, and a ninth tape contains "less sensitive" personal information on the hospital's patients.