- On December 21, 2016, Children’s Hospital Los Angeles (CHLA) and Children’s Hospital Los Angeles Medical Group (CHLAMG) became aware of a potentially unencrypted laptop stolen on October 18, containing the personal health information of nearly 3,600 patients.
The laptop was stolen from the locked vehicle of a CHLAMG physician working at CHLA. An investigation found the laptop had been encrypted to up-to-date institutional standards and was password-protected. However, a later review revealed it is possible the laptop was not encrypted.
The institution is in the process of notifying potentially impacted patients who may have had information stored on the laptop. This includes names, addresses, medical record numbers, and certain clinical information.
“Following the notification regarding the burglary, an investigation took place to determine whether patient health information existed on the laptop,” CHLA spokesman Lorenzo Benet said in a statement. “Based on the investigation, the laptop has not been used to access the internet. From that information, we believe that all data may have been erased from the device without any patient data being accessed.”
Additionally, a protocol has been established to erase data from the device the next time it logs onto the internet.
Potentially affected patients will soon receive letters notifying them of the incident along with instructions to carefully review health insurance documents for evidence of misuse or identify theft.
The California hospital specifically advised impacted patients to review their Explanation of Benefits statements in case of any unusual behavior and to notify the hospital immediately if any issues arise. The hospital provided resources and contact information patients can use to seek help or voice concerns.
Washington health organization suffers email hack
Multicare Health System suffered an email hack on November 27, 2016 potentially affecting 1,200 patients, according to a KING5 news report.
The Washington health system has stated it has no evidence at this time that any patient personal health information was accessed or misused in any way, but potentially impacted patients will receive a mailed statement notifying them of the incident by February 2017.
Patients have been advised to review their Explanation of Benefits statements and remain vigilant to any signs of irregularities regarding their health insurance.
MultiCare hypothesized that an unauthorized individual gained access to an employee email account in November 2016. The emails likely contained personal patient information ranging from addresses to account balances.
The health system insisted financial information and Social Security numbers were not listed on the affected email account.
The email account has since been secured and the password has been changed. An investigation into the incident has been launched, and Multicare has provided contact information for patients concerned about the status of their information.