03:52 PM
How to Prep for Millennials Being the Decision Makers, Are You Ready?
Aug 30, 2016
Millennials know exactly what they want and expectations are high - very high. They are empowered ...Read More>>

Patient Records Exposed Through Government Laptop Theft

The stolen laptop contained research information from a six-year heart imaging study that involved about 2,500 patients.

Thousands of patient health records have been exposed after a government laptop was stolen.

The National Institutes of Health issued a statement Monday saying patients' information had been stored in a laptop that was stolen from an employee's car in January.

Elizabeth G. Nabel, M.D., Director of the National Heart, Lung, and Blood Institute (NHLBI) said that someone stole a laptop that a researcher had locked in the trunk of a car parked away from the NIH campus. The laptop theft appeared to be random, she said.

The computer contained research information from a six-year heart imaging study that involved about 2,500 patients and ended last year. The information includes patients' names, birth dates, hospital medical record numbers, measurements, and diagnoses, Nabel said.

"The laptop contained no additional medical information on participants beyond the MRI reports and no additional information such as social security numbers, addresses, phone numbers, or any financial information," she said in a statement "Although the laptop was turned off and password protected, so that retrieving the confidential information would require considerable computer sophistication, the NHLBI recognizes that such information should not have been stored in an unencrypted form on a laptop computer."

Police are investigating the theft. The NIH's information systems security experts said that, since it appears to be a random incident, "it is unlikely that participants' information was specifically targeted." They also believe the incident poses a low risk of identity theft or financial loss.

Nabel said the NIH is inspecting and encrypting all laptops to improve data security and prevent similar incidents from occurring. The Department of Health and Human Services and the Office of Management and Budget have policies mandating encryption. The NIH also plans to enforce computer security training requirements. Finally, the NIH has told employees and researchers never to keep patient names, identifiers, or medical records on laptops.

"When volunteers enroll in a clinical study, they place great trust in the researchers and study staff, expecting them to act both responsibly and ethically," Nabel said. "We at the NHLBI take that trust very seriously and we deeply regret that this incident may cause those who have participated in one of our studies to feel that we have violated that trust."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.