Beth Israel Deaconess Medical Center in Boston is notifying approximately 3,900 patients about a data breach that could have compromised some of their personal health information, the Boston Globe reports.
About the Breach
On Friday, hospital officials announced that a physician's personal laptop computer was stolen on May 22.
John Halamka, CIO at the hospital, said the laptop did not contain complete patient health records, Social Security numbers, medication lists, financial data or anything "that would be used from an identity theft perspective."
Beth Israel officials said a national forensic firm has found no indication that any data were compromised.
Follow-Up Action
Halamka said the breach has been "a teachable moment" that led the hospital to immediately change its encryption policies. "We have said to our employees that there is now a mandatory encryption program," Halamka said, adding, "So any device that is used in any way with our data, whether it is patient-related or administrative, it must be encrypted."
According to Halamka, the process of encrypting an estimated 1,500 personal devices used by the hospital's 6,000 employees likely will take three months.
In addition to the encryption policy changes, Beth Israel has boosted security in office buildings and launched a campaign to increase awareness about data security issues.
The hospital also is mailing notification letters to affected patients and providing them with access to a toll-free hotline that will provide information about the breach (Lazar, Boston Globe, 7/21).