Stolen laptop leads to breach notification for 20,000 Lifespan patients

The MacBook, which was not encrypted or password-protected, contained emails with names, medical record numbers, partial address information, medications and more.
By Mike Miliard
03:19 PM

Providence-based Lifespan, Rhode Island's largest health network, has notified about 20,000 of its patients that a laptop theft may have exposed their sensitive information.

The health organization said an employee's MacBook was taken after a car break-in on Feb. 25. The employee immediately contacted both law enforcement and Lifespan officials, who were able to change the employee’s credentials used to access Lifespan system resources.

The computer was unencrypted, and was not password protected, an investigation found – leaving the employee's work emails potentially accessible.

[Also: Too many healthcare employees would share sensitive data]

"Our investigation has determined that the emails may have contained patient information, including name, medical record number, demographic information such as partial address information, and the names of one or more medications that were prescribed or administered at Lifespan," officials said.

"The information contained in the emails did not include patient Social Security numbers or financial information, nor did it include clinical information such as diagnosis," they added. "No medical records were stored on the MacBook."

The health system said it is "re-educating our employees and enhancing our policies and procedures related to the security of MacBooks" in order to "help prevent a similar incident from reoccurring."

Twitter: @MikeMiliardHITN
Email the writer:

Like Healthcare IT News on Facebook and LinkedIn