(This story has been updated with comment from Lucile Packard Children's Hospital.)
The Lucile Packard Children's Hospital and the Stanford University Medical School are reporting that an unencrypted laptop computer carrying medical information on pediatric patients was stolen from a physician's car on Jan. 9.
The number of patients affected was not disclosed in a news release about the incident, but a question-and-answer page
for patients on the hospital website said it was “providing outreach to approximately 57,000 patients, and we are assuring they are notified promptly.”
Robert Dicks, senior director of media relations at the hospital, said in an e-mail Thursday, the laptop had been backed up the day before it went missing, “thus allowing its contents to be carefully reviewed.” Also, Dicks said, the laptop had been installed with security tools “that would alert us if it connects to the Internet. So far, no such access has been detected.”
Dicks said the hospital and the Stanford School of Medicine “have been in an active mode of encryption for thousands of computers and devices for some time,” but the stolen laptop “had not been encrypted yet.”
According to a news release
, the laptop was password-protected, but contained records “predominantly from 2009 and related to past care and research” that included the patients' names, dates of birth, “basic medical descriptors” and medical record numbers, as well as, in some cases, “limited contact information.”
Free identity protection services are being offered to affected patients, according to the notice. The hospital in its notice also said it was “redoubling our efforts to ensure that all computers and devices containing medical information are encrypted.”
There are 537 healthcare information breaches publicly reported on a website maintained by the Office for Civil Rights at HHS
involving 500 or more individuals, including a previous incident at Lucile Packard involving 532 individuals and the loss of a computer in 2010.