- Brigham and Woman’s Hospital (BWH) notified patients that an incident in September could potentially have exposed some individuals’ protected health information (PHI).
A BWH physician’s laptop and cell phone were stolen during an armed robbery off hospital grounds on Sept. 24, according to a hospital statement. While the devices were encrypted, the robbers forced the physician to reveal the pass codes and encryption keys to the items.
“Possession of the pass codes/encryption keys along with the devices themselves could provide an individual the ability to view information stored on the laptop or cell phone,” BWH said. “The theft was immediately reported to the Boston Police Department.”
The hospital explained that it does not know if the information on the computer or cell phone has been accessed, but said that as of yet, neither device has been found.
Information about patients receiving treatment at BWH’s Neurology and Neurosurgery programs between Oct. 2011 and Sept. 2014 were on the devices. The information of a small number of individuals who participated in research studies was also included in the missing data, BWH said. In total, 999 patients PHI was potentially put at risk from the breach.
Patient names, medical record number, age, medications, and information about diagnosis and treatment were all included on the stolen devices. However, BWH said that the PHI did not include Social Security numbers or other financial information.
“Upon learning of this theft, BWH initiated a thorough investigation, including the creation of a multidisciplinary workgroup to respond to this incident,” the statement said. “BWH is currently reviewing related policies and procedures in an effort to determine if there are steps that BWH can take that may decrease the likelihood of reoccurrence of this type of incident in the future.”
The hospital started sending letters to potentially affected patients on Nov. 17, but stated that it does not think the information will be misused. BWH is also urging individuals who believe they might be affected to reach out to the BWH toll free Helpline.
According to a MyFoxBoston report, the incident is connected to several other armed robberies that took place the same night in the Jamaica Pond neighborhood. Boston police told the news source that the physician was attacked by two individuals. The robbers took the devices after they tied the physician to a tree while one man held a gun and the other had a knife.
However, police did make two arrests after a similar robbery took place in Franklin Park. The individuals were believed to be responsible for the other armed robberies, according to police.
Lost or stolen devices are a leading cause of health data breaches. Last month, the California Attorney General released a report showing that 70 percent of the health data breaches reported in the past two years were because of stolen or lost hardware or digital media that held unencrypted personal information.
While the BWH incident had encrypted devices, it is still an example of why healthcare organizations need to have numerous physical safeguards in place to ensure that patient data remains secure.