INDIANA COMPUTER CONTAINING PATIENT DATA MISSING FROM HOSPITAL 14 WFIE, The Tri-State's News Leader: Laptop, containing patients' SSN, missing from Deaconess: Laptop, containing patients' SSN, missing from Deaconess

Dec 27, 2006 01:54 PM

Update, Wed 12:30 pm: Confidential patient information is missing from an Evansville hospital.

Employees in the respiratory therapy department at Deaconess Hospital aren't sure what happened to a laptop loaded with patient information. No one has seen it since late November.

The computer contained personal information on 128 patients including Social Security numbers. Hospital authorities sent those patients a letter warning them they could be the victims of identity theft.

Sam Rogers, Deaconess Hospital, says, "To date, we can't determine if someone actually took it, took it for bad reasons, or if it still is missing."

The good news is the missing laptop does have password protection, so only Deaconess employees should be able to access those patients' personal information.

If you think your personal information might be at risk, the Better Business Bureau recommends monitoring your credit card and bank statements, putting an initial fraud alert on your credit account, and visiting the Trade Commission Web site for more information.

Deaconess officials are already taking steps to make sure this never happens again by commissioning a group to work on encrypting their patient records to make them harder to crack and keeping their laptops under a stricter check out policy.

Update, Tue 5:30 pm: Deaconess Hospital administrators are advising patients Tuesday night that their identity may have been compromised after a laptop, containing information on 128 patients, is missing and presumed stolen from the respiratory therapy department.

Deaconess employees discovered the laptop was missing in late November. They searched for the computer, and still don't know if it really was stolen or just missing.

So to be on the safe side, they sent out a letter to all 128 patients telling them they could be at risk for identity theft.

Deaconess officials say the only patients at risk were given respiratory treatments on July 18 and 19 of this year.

But the good news is the laptop was password protected. So only Deaconess employees were able to access it.

But since that information includes patients Social Security numbers, they wanted to make those patients aware.

Right now, they aren't sure who last had the computer or who might be a suspect.

Statement from Deaconess Hospital:

Deaconess Hospital reports that a laptop computer used in its Respiratory Therapy Department is missing and presumed stolen. The laptop may have contained private information on up to 128 patients.

The laptop was used to record medical and personal information in patient medical charts. The computer was password protected, making it unlikely that anyone but certain Deaconess Hospital employees could access the information stored on the computer.

Deaconess does not have any information indicating the computer was stolen for the purpose of identity theft or that the information on the computer has been misused to date.

In a letter sent December 23, Deaconess notified 128 patients that their information may have been on the computer. Deaconess recommended that these patients take the following steps to protect themselves against identity theft:

• Monitor bank, credit card and other bills/statements in detail for the next two years.
• Contact credit card issuers and inform them of what has taken place.
• Obtain a credit report from each of the credit reporting bureaus (Equifax, Experian and TransUnion). Each credit reporting bureau is required by law to provide each person one free credit report per year. The Credit Bureau Central Source can be contacted at 1-877-322-8228.
• Visit the Federal Trade Commission Web site at www.consumer.gov/idtheft. This site has several pages with advice for reducing opportunities for identity theft.

Deaconess has taken several steps to prevent future incidents of this nature, including establishing a Security/Privacy Team to install encryption software on computers and tightening procedures and monitoring systems.