Gibson General Hospital, Princeton, Ind., has notified about 29,000 patients that their personal information could be vulnerable following the theft of a hospital laptop computer from an employee's home.A statement from the hospital (PDF)
said letters were sent to the affected patients, who received care at the 25-bed hospital as far back as January 2007. The computer was password-protected but data was not encrypted, according to a hospital spokesman. The burglary occurred on Nov. 27 at the employee's home, as other items were also taken.
"There is no evidence to believe that the data on the laptop was the target of the theft or that any information has been or will be accessed for fraudulent purposes," Gibson President and CEO Emmett Schuster said in the statement.
The computer's data may have included patient names, addresses, Social Security numbers and clinical information. The hospital said it doesn’t know for sure what information was stored on the laptop. The employee needed 24/7 access to the hospital's electronic medical-record system, which is why the laptop was taken home, according to the hospital.
Gibson General's announcement follows several other breach reports late last month: LSU Health in Louisiana
, the University of Michigan Health System
and Kentucky's Cabinet for Health and Family Services
all reported data-security incidents.