[Dataloss] Patients' Data on Stolen Laptop
lyger
lyger at attrition.org
Mon Mar 24 02:09:44 UTC 2008
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753.html
A government laptop computer containing sensitive medical information on
2,500 patients enrolled in a National Institutes of Health study was
stolen in February, potentially exposing seven years' worth of clinical
trial data, including names, medical diagnoses and details of the
patients' heart scans. The information was not encrypted, in violation of
the government's data-security policy.
NIH officials made no public comment about the theft and did not send
letters notifying the affected patients of the breach until last Thursday
-- almost a month later. They said they hesitated because of concerns that
they would provoke undue alarm.
The handling of the incident is reminiscent of a 2006 theft from the home
of a Department of Veterans Affairs employee of a laptop with personal
information about veterans and active-duty service members. In that case,
VA officials waited 19 days before announcing the theft.
[...]
More information about the Dataloss
mailing list