Welcome to the SecAware blog

I spy with my beady eye ...

24 Aug 2006

US hospital laptop theft puts 28,000 IDs at risk

A Beaumont Hospital Home Care laptop was stolen from the car of a home care nurse, reports Metro Detroit. The nurse, a new employee, "broke hospital policy by leaving her access code and password with the computer". Doh! Data on more than 28,000 present and former patients have been compromised. "The best protection is to train and educate people who use this information as part of their jobs, to have an awareness of the things they need to do to keep this protected," said Michael Friedman, an attorney in Detroit who has handled several HIPAA cases. "It's not a sophisticated technological solution." Having covered identity theft in this month's NoticeBored security awareness module, we'll be moving on to mobile/portable IT and teleworking next month ... what more can we do to encourage organizations to invest proactively in security awareness?
More identity theft links

1 comment:

  1. Gary,

    An update to the story from Modern Healthcare. FYI

    Mich. system recovers stolen laptop computer
    William Beaumont Hospital, Royal Oak, Mich., said it recovered a laptop computer containing personal information, including medical data, on patients in its home-care division. The laptop was stolen from a nurse's car Aug. 5. The two-hospital system said an independent forensic computer expert determined that the patient information was not accessed. A witness who saw the crime returned the laptop Wednesday after the system announced the loss of the computer and offered a $2,500 reward, said Chris Hengstebeck, security director at Beaumont Hospital, Troy, Mich., which oversees the home-care division. According to Hengstebeck, the nurse's husband interrupted an attempted theft of the car. The perpetrator ran off with the laptop and dumped it during the chase. A witness, who Hengstebeck declined to identify, retrieved the computer but did not know what to do with it.

    Hengstebeck said the system has taken disciplinary action against the nurse because a password and ID access code necessary to retrieve the information were kept with the computer. "Had that not occurred, this would have been a non-event," he said. He declined to elaborate on the disciplinary action. Hengstebeck said the system has visually checked all home-care laptops to ensure passwords and access codes are not kept with the electronic device. Beaumont also is evaluating its data needs to see if all information stored on the laptops is necessary or if older data could be archived elsewhere, he said. -- by Andis Robeznieks