http://www.baltimoresun.com/news/health/bal-computer0904,0,500185.story By Chris Emery Sun reporter September 4, 2007 A stolen computer containing the personal records of 5,783 patients with cancer was returned to Johns Hopkins Hospital over the weekend, a hospital spokesman said. The computer was given to Johns Hopkins security personnel on Sunday afternoon by Michael Mastracci, a Baltimore lawyer who says he learned of its whereabouts from a client and arranged to have it turned over to him. An initial investigation suggests the data on the computer, which includes patients' names, Social Security numbers, birth dates, medical histories and other personal information, was not compromised, Hopkins officials said. Inspection of the computer after it was returned indicated it was probably never turned on after it was stolen and found no evidence anyone sought or gained access to the database information on the computer's hard drive, officials said. "We are still investigating and will quickly bring in an independent information technology forensic expert to examine the computer and address our preliminary findings, but we think we will be able, upon independent verification, to assure our patients that their personal information is, with high probability, safe," said Ronald R. Peterson, president of the Johns Hopkins Hospital and Health System. "We understand our patients' concerns, and we do believe that there is far less need for them to worry at this point." Mastracci said he was bound by attorney-client privilege and could not elaborate on how he received the computer on Sunday. The desktop computer was stolen from an "administrative work area" in a building on Johns Hopkins' main campus on the night of July 15 along with a laptop computer and projector. The computer was connected to a desk with a steel cable at the time, but the patient data on its hard drive was not encrypted, which raised concerns the information could be accessed and used for identity theft. Based on video surveillance, authorities issued criminal summonses for a Hopkins employee and an employee of an on-site vendor, Hopkins officials said. Hopkins sent notification letters on Aug. 24 to patients whose personal information was on the computer. ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Tue Sep 04 2007 - 22:25:20 PDT