[ISN] Laptop with data on 28, 000 home care patients stolen in Detroit

From: InfoSec News (alerts@private)
Date: Wed Aug 23 2006 - 22:29:12 PDT


http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002685

By Linda Rosencrance
August 23, 2006 
Computerworld

A laptop containing home care information on 28,000 patients has been
stolen from the car of a nurse who works for Royal Oak, Mich.-based
Beaumont Hospitals, according to a statement [1] from the hospital.

The laptop was in the nurse's car, which was stolen in Detroit on Aug.  
5 after the nurse had finished seeing patients. The vehicle was later
recovered, but the laptop was missing. The computer contained personal
and health information of Home Care patients who had received care
over the previous three years, the hospital said.

The Home Care staff uses laptops to document patient care; The data on
the stolen laptop -- a Dell Latitude model -- includes patient names,
addresses, birth dates, medical insurance information, Social Security
numbers and personal health information relating to their home care
services. The computer does not include information on services
received at the Beaumont Hospitals or other Beaumont outpatient
services, the hospital said.

There is no evidence that anyone's personal information has been
accessed or misused, the statement said, nor is there any no evidence
that the computer was stolen for its data.

While Home Care laptops are encrypted and password protected, the
nurse's ID access code and password were with the stolen computer,
meaning personal information may be at risk of exposure. The nurse was
a new employee still completing orientation.

"We have been working with the Detroit police in investigating the
theft and attempting to recover the laptop," said Chris Hengstebeck,
director of security for Beaumont Hospitals. "We have communicated the
situation to all Home Care patients through a letter and tested and
strengthened our computer security systems and processes. We deeply
regret that the personal information of our Home Care patients may be
at risk for exposure. We are taking aggressive measures to protect
their personal and health information and to lessen the impact of the
computer theft on them."

Beaumont said its IT department is reviewing and enhancing computer
security systems with its software vendor. The hospital said it has
also reinforced laptop security procedures with its Home Care staff.

Beaumont Home Care has arranged for affected patients to enroll in a
credit reporting service, at the hospital's expense, for one year.

A reward for the recovery of the laptop is also being offered.

[1] http://www.beaumonthospitals.com/pls/portal30/site.news_pkg.story_show?xstoryid=631


_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Wed Aug 23 2006 - 22:41:00 PDT