About 3,900 patients of Beth Israel Deaconess Medical Center (BIDMC) are being notified of a data breach exposing their sensitive personal information. According to the Boston Globe newspaper, the patient records were stored on a physician's laptop which was stolen from an office on May 22. The hospital has already notified local law enforcement and begun a breach investigation to determine what data was exposed or stolen.
This is a second major breach at the hospital. In July 2011, a breach exposed the protected health information (PHI) of about 2,021 patients after a vendor failed to restore security controls on an Internet-connected computer during routine maintenance. That 2011 breach exposed patients' names, BIDMC medical record numbers, gender, date of birth and the date and name of radiology procedures. According to the 2011 breach announcement, the breached computer, infected with a computer virus, had transmitted stolen data to an unknown location.
A check of the hospital's website did not find an announcement yet about its 2012 breach. Hopefully, the data was encrypted on the laptop. Earlier this month, BIDMC was again rated by U.S. News & World Report as a leading hospital in the USA.
After its 2011 breach, BIDMC provided affected patients with one year of free identity protection services, and a list of state and federal resources.
[Update, Tuesday May 23, 1:30 pm: BIDMC issued a press release later on Monday, explaining that it was in the process of contacting affected patients. Local law enforcement had arrested a suspect, but the stolen laptop had not been recovered.]