Here we go again. Another stolen laptop puts patient information at risk

Linda Musthaler
By | August 30, 2013

Posted in: Network Security Trends

It happened again—another doctor’s office, another stolen laptop laden with patient records. The Houston Chronicle is reporting that a laptop computer containing unencrypted information pertaining to nearly 600 patients has been stolen from the University of Texas Health Science Center at Houston.

Sigh. When will they ever learn?

The Chronicle reports that the laptop, which was discovered missing from a locked closet, was attached to a proprietary medical device. The PC contains patient names, birth dates, medical record numbers and medical image data; it doesn’t contain addresses, social security numbers or insurance or other financial information. Nevertheless, the medical practice group that owns the PC is sending out notification letters to the affected patients, as required by law.

The letter states that the laptop owners “do not have any reason to believe that the information has been accessed or used by any unauthorized individual” and that “the laptop may have been taken for the value of the hardware, not to gain access to its data content.” Well, that may be true, but it’s doubtful that the thief just wants the PC for his or her own personal use at home. Nope, that thief is going to pawn or otherwise sell the computer, and then who knows what will happen to the patient data?

What’s really disheartening is that this theft is just one of numerous breaches at the Texas Medical Center, and that the health science center had previously encrypted more than 5,000 laptops—just not this one. The center’s CISO explained that this particular laptop was never attached to any wired or wireless network. But really, does that make it any less deserving of encryption than the other 5,000 PCs? How much effort would it have been to encrypt the data on this little laptop, too? Now the PC is gone, the patient records are in the wild, notifications are in the mail, and yet another lesson has been learned the hard way.

Come on, people, encrypt those laptops, will ya?

You May Also Be Interested In: