St. Mary's Janesville Hospital, a 50-bed facility in Wisconsin, has notified 629 patients who received treatment from Jan. 1 to Aug. 26 of a data breach that occurred when an unencrypted laptop was stolen from an employee's vehicle.
The hospital determined that the information on the SSM Health Care laptop included some protected health information relating to medical visits. The information may have included patient name, date of birth, medical record and account numbers, provider and department of service, bed and room number, date and time of service, visit history, complaint, diagnosis, procedures, test results, vaccines—if administered—and medications. The laptop did not contain any Social Security numbers, addresses, credit card numbers, or financial information of any kind, according to St. Mary’s Janesville officials.
In a statement on its website, the facility said it has no reason to believe the laptop was stolen to gain access to patient information or that this information has been accessed or misused in any way. In fact, the computer was configured in such a way that information could not be written to the hard drive. E-mail information, however, was stored on the hard drive and password protected but not encrypted, which was in violation of St. Mary’s Janesville Hospital policy.
The hospital has partnered with ID Experts, an identity protection services company, for patient identity monitoring and protection. Through ID Experts, St. Mary’s Janesville has arranged for affected patients to opt for a one-year identity theft monitoring and protection at the hospital’s expense.