The private health information and Social Security numbers of nearly 4,000 patients of the University of Texas M.D. Anderson Cancer Center are at risk after a laptop containing their insurance claims was stolen.
Patients and patients' families were notified this month of the theft, which occurred in November at the Atlanta home of an employee of PricewaterhouseCoopers, an accounting firm reviewing the patient claims. Those notified were advised to monitor their credit.
"The laptop that was stolen does have sophisticated encryption software, so it will be very difficult for someone to access patient information," Carrie Lyons, M.D. Anderson's chief privacy officer, wrote in a Jan. 30 letter. "Even though it will be difficult for someone to access patient information, we feel you should be informed of this incident."
Lyons said that because the laptop was stolen along with other valuables, investigators think it's unlikely it was taken to obtain the patient information. The matter is being investigated by Atlanta police.
Calls to PricewaterhouseCoopers were not returned.
Information contained in the laptop included patients' names, policy numbers, Social Security numbers, dates of birth, ZIP codes, medical procedures and dates of service.
Lyons said M.D. Anderson has received about 60 phone calls from patients concerned after receiving her letter.
She said none has reported learning his information was accessed.
"Businesses need to realize they have an obligation to protect information to see that it doesn't fall into the wrong hands because when it does it's a problem," said Tom Carter, senior attorney in the Dallas-based Southwest Regional office of the Federal Trade Commission. "That information is only as safe as they keep it."
Patients and their families should get copies of their credit report, Carter said, adding, "if some company is concerned enough to give me notice, I'm going to spend time checking it out."
Harris County Assistant District Attorney John Brewer, who works in the identity-theft division, said it's unlikely that common thieves have high-tech encryption-breaking devices. But he said that should not give people a false sense of security.
"Your personal information is so out there that encryption is the least of your problems," Brewer said. "It's all the other places it is that you need to worry about if you want to worry. No place is safe. Anybody who has good credit is a likely victim."
[an error occurred while processing this directive]