Laptop heist exposes personal data on 16,000 patients at Minneapolis hospitals

The laptop, which was stolen from a car parked at a Minneapolis restaurant, belonged to an employee of Accretive Health, a Chicago-based consulting firm that is working with the two facilities, according to a report by TwinCities.com Pioneer Press.

The Minneapolis-based Fairview health system sent letters to 14,000 patients and the Robbinsdale-based North Memorial health system sent similar letters to 2,800 patients after confirming that the laptop had been stolen. Many of the patients’ social security numbers were on the stolen laptop, the report related.

"There is a password associated with accessing that particular device," said Lois Dahl, information privacy director for Fairview. "They assured us they have strong passwords, which means it's not something easy to get. Someone would have to use technical measures beyond the average person in order to get at the data on the device."

But Dahl admitted that the information on the stolen laptop was not encrypted due to human error, which involved "bypassing a step before laptops are issued to an (Accretive) employee. Accretive has assured us they fixed whatever process breakdown there was."

A spokeswoman for Accretive Health declined to questions posed by Pioneer Press about the stolen laptop. It wasn't clear if the employee in question was fired or moved off the projects at Fairview and North Memorial, the report said.

For Fairview, the theft is the second high-profile security breach involving patient records this year. In April, the health system notified 1,200 patients about the potential loss of information when a box with paper records was lost during the relocation of an office between buildings.
 

What’s hot on Infosecurity Magazine?