Truman Medical Centers, the biggest provider of inpatient and outpatient services in Kansas City, MO, has found out that the protected health information of 114,466 patients was held on an unencrypted laptop device that was stolen from the vehicle of one of its staff members.
The laptop was secured with a password, but there is a chance that the password could be cracked and data on the device accessed. At the time of issuing the alerts, Truman Medical Centers has not found any proof to suggest that any patient data has been accessed by unauthorized persons or has been improperly used.
The range of information on the laptop differed from patient to patient and may have incorporated patient names along with one or more of the following sort of information: Dates of birth, patient account details, medical record data, Social Security numbers, health insurance information, and restricted medical and treatment information, such as diagnoses, dates of service, and provider names.
The theft took place on July 18, 2019, but it was not until October 29, 2019 that it was discovered patient information was stored on the device. All those whose protected health information was held on the laptop have now been contacted by mail. Individuals whose Social Security number was saved on the device have been provided with free credit monitoring and identity protection services.
Hospital representative Leslie Carto said the company-issued laptop was taken from a staff members car and added that there is no proof “any unauthorized party accessed, viewed or misused the informatio”. She said:. “While we think the odds of the thief being able to crack the password and find any (patient health information) are slim, we owe it to our patients to let them know about the theft”.
Staff members have been re-trained on portable device security. Extra security measures are being downloaded on employee laptops to improve security.