27K affected by theft of hospital laptop

The theft of a hospital laptop containing registration records is the source of data breach with the potential to impact 27,000 patients.

Blount Memorial Hospital, Maryville, Tenn., is informing patients of the theft. The laptop was reported stolen from an employee’s home on Aug. 25, and has not yet been recovered. According to information posted on the hospital’s website, the laptop was password-protected and contained no medical information, but did contain some patient and responsible party non-medical information.

Two groups of patient information were included on the laptop. The first group included approximately 22,000 patient records listing patient name, date of birth, responsible party name, patient address, physician name and billing information. The second group included approximately 5,000 patient and responsible party records with the information above and other non-medical information, including Social Security numbers.

The hospital said it continues to review and adapt its policies and procedures to protect the privacy and security of its patients’ information.

An online Frequently Asked Questions (FAQ) section on the breach makes clear that “Information contained on the laptop included only patient registration records, meaning only your billing address as it was supplied on your registration forms. No payment statuses, credit card or bank account information was contained on the laptop in question.” The FAQ also states that some employees are allowed to take hospital equipment home with them, as required by their jobs and responsibilities. There is no statement on whether the laptop was supposed to have been encrypted and whether the employee had followed all security protocols.