Stolen Hospital Laptops with Unencrypted Files Put 729,000 Patients at Risk

Wednesday, October 23, 2013

A crappy Obamacare website isn’t the only thing annoying users of California health care this week.

Two laptops are missing and presumed stolen from a Southern California hospital administration office, putting 729,000 patients on notice that their personal information—Social Security numbers for an unlucky 10%—had been compromised. Lost data includes names, Medicare and insurance ID numbers, diagnoses and procedure codes, and insurance and payment records.

Police were looking for a locally-known transient whose likeness was captured by security cameras wandering through an Alhambra-based AHMC Healthcare Inc. office building on October 12, when the computers disappeared. AHMC said a sixth-floor office had been broken into.

It was unknown if the thief knew what information was on the computers or could bypass its password protection.

The files were not encrypted.

The California Attorney General’s office likes encryption and noted in a recent report (pdf) that more than half the 2.5 million victims of data breaches it surveyed in the state last year would have benefited from its presence. About 15% of the 131 incidents noted by the AG were in health care. The study did not seek out breaches with fewer than 500 individuals.

The average breach in 2012 involved 22,500 individuals, but that number was affected by five breaches of 100,000 or more individuals each. The mean breach was 2,500. The California Department of Social Services suffered the largest breach in March of that year when it lost a computer storage device that held sensitive information on 845,000 parents, children and caregivers.    

AHMC said in a press release (pdf) that it does not encrypt its sensitive files, but it wants to and has hired a third-party to give it some suggestions on what to do. In the meantime, it recommended that patients should consider placing fraud alerts on their files with the three big credit agencies, Equifax, TransUnion LLC and Experian.

The six AHMC hospitals affected are: Garfield Medical Center in Monterey Park, Monterey Park Hospital, Greater El Monte Community Hospital in South El Monte, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center. 

–Ken Broder


To Learn More:

Transient Sought in Alhambra Theft of Medical Laptops Containing Information of More than 700,000 Patients (by Venusse Navid, Whittier Daily News)

Police Identify Suspect in Theft of Hospital Laptops with Patients’ Data (by Jed Kim, KPCC)

Laptop Thefts Compromise 700,000-Plus Hospital Patient Files (by Richard Winton, Los Angeles Times)

Personal Data Lost for 2.5 Million Californians, but Many Probably Didn’t Know It (by Ken Broder, AllGov California)

Leave a comment