Officials at Emory University said Tuesday they have sent letters to more than 38,000 patients who have been treated for cancer at Emory Hospital, Emory Crawford Long Hospital and Grady Memorial Hospital, warning them that a computer containing their personal information had been stolen from a business contractor in Cincinnati.
The patients were advised to put a fraud alert on their credit reports because of the identity theft.
The patient records included names, addresses, medical data, treatment information and Social Security numbers, Emory said in a statement. The information was in a computer stolen from an office of Electronic Registry Systems, one of Emory Healthcare's business contractors.
Emory spokeswoman Sarah Goodwin said confidential information from 32,071 patient files of Emory and Crawford Long patients had been taken, along with and 5,959 from Grady. Emory University owns Emory Healthcare, of which Emory Hospital and Crawford Long are a part.
Grady records were those of cancer patients treated by Emory physicians, Goodwin said.
The records for Emory Hospital have been collected since 1977, since 1981 for Crawford Long and 1986 for Grady, Goodwin said.
Electronic Registry Systems is a vendor that provides cancer registry data processing services to Emory and other hospitals and health care systems around the country. Emory is required by law to collect, update and maintain the data contained in the registry.
ERS said the computer also contained confidential information on an unknown number of patients in Pennsylvania, Tennessee and Ohio.
The company said in a statement that the data is rigorously protected with "multiple layers of security" and that police have no evidence that the theft was motivated by the intent to steal data.