Widgets Magazine

Laptop theft compromises Packard hospital information

The Lucile Packard Children’s Hospital (LPCH) announced Monday the theft of a laptop containing patient medical information, an incident that has potentially affected up to 57,000 patients. The hospital has since notified affected individuals.

The laptop was stolen from a physician’s car at an off-campus location on the night of Jan. 9. While a police investigation was opened the following day, the laptop has yet to be recovered.

According to a press release from the LPCH, the laptop’s data was “predominantly from 2009 and related to past care and research.” The laptop contained basic patient details and medical descriptors but no financial information, Social Security numbers or any “marketable information.”

The laptop was also password-protected, and the LPCH has “no indication that any of the patient information has been accessed or compromised,” according to Robert Dicks, LPCH spokesman.

“Immediately following discovery of the theft, Packard Children’s Hospital and the School of Medicine notified law enforcement and internal security and launched an aggressive investigation, which is still under way,” the LPCH press release said.

Dicks framed the theft as a prompt to further increase safeguards on patient data – through methods like improved data encryption – in order to prevent similar incidents in the future.

“We really strive to be industry leaders in information security and we’re using the theft to further strengthen policies and controls surrounding the protection of patient data,” Dicks said.

According to Dicks, the last time a similar occurrence transpired was in January 2010, when a password-protected desktop computer containing patient scheduling information was stolen. That incident, which affected 532 patients, prompted a $250,000 fine due to the delay of the hospital’s response. It was later reduced to $1,100, according to Dicks.

The hospital has offered potentially affected patients the option of receiving free identity protection services, and has established a toll-free line for patients to inquire about the status of their personal information.

  • Alex Herd

    Why are there so may unprotected business laptops with other people’s private data? Don’t they know you can protect them with laptop tracking, anti theft software? Look at the Devicetrack.net website .Does the job and could have saved a lot of students and the University from unnecessary losses..

  • DanM

    Alex, you’re absolutely correct. My child’s information was stolen, but LPCH made it clear they don’t give a damn. Did the physician get fired? No. After all, LPCH doesn’t see anything wrong with their procedures. Download patient info? Sure, put it on a laptop. Unlock the laptop from your desk. Carry it away from LPCH. Leave it in the car – even though Palo Alto has had a problem with car burglaries. Not LPCH problem. BTW, the offer of credit protection for a year is a joke. Since Stanford hospital disabled my child, he won’t have a job or assets anyway. I worry about someone using his identity for Social Security, Medi-Cal, etc but LPCH won’t do anything about that. Tanya Okan, if you don’t agree, call me.

  • DanM

    Why? Because the University did NOT suffer unnecessary losses – only the patients did. And my experience makes it clear that when the University employees’ jobs are NOT at risk then there is no incentive to resolve problems – in fact, they deny there is a problem and bury information that disproves it. It’s been 8 years that I’ve been trying to get certain information that Chief-of-Staffs at LPCH admit they have but won’t release.A

  • Palo Alto Mom

    Seems to me that Stanford pays lip service to protecting lap tops. It’s not the staff’s fault if Stanford doesn’t get serious. Computers get stolen from their unlocked offices, people’s homes, anywhere. Only until Stanford gets serious about security on mobile devices will patient information be secure. This is a Stanford issue that they just have not addressed.

  • dan m

    It’s been a while. It looks like we were lucky and the thief didn’t release the info. I’ve also been able to find out who the physician was (2 sources pointed to the same person). It looks like a $1100 fine wasn’t enough to convince LPCH to secure information, it’s peanuts to them, right?