Stolen laptop leads to breach notification for 20,000 Lifespan patients
Providence-based Lifespan, Rhode Island's largest health network, has notified about 20,000 of its patients that a laptop theft may have exposed their sensitive information.
The health organization said an employee's MacBook was taken after a car break-in on Feb. 25. The employee immediately contacted both law enforcement and Lifespan officials, who were able to change the employee’s credentials used to access Lifespan system resources.
The computer was unencrypted, and was not password protected, an investigation found – leaving the employee's work emails potentially accessible.
"Our investigation has determined that the emails may have contained patient information, including name, medical record number, demographic information such as partial address information, and the names of one or more medications that were prescribed or administered at Lifespan," officials said.
"The information contained in the emails did not include patient Social Security numbers or financial information, nor did it include clinical information such as diagnosis," they added. "No medical records were stored on the MacBook."
The health system said it is "re-educating our employees and enhancing our policies and procedures related to the security of MacBooks" in order to "help prevent a similar incident from reoccurring."