Laptop theft puts 28,000 IDs at risk

MACOMB DAILY ^ | August 23, 2006 | Maryanne Kocis MacLeod

[APRPEH]

Beaumont Home Care is offering a reward for the recovery of a laptop computer stolen along with a Home Care nurse's vehicle Aug. 5 outside a home in Detroit. The vehicle was later recovered without the laptop.

The computer, taken with the car from the 9300 block of Agnes Street near McClellan and Jefferson, contained personal and health information from Home Care patients served during the previous three years.

"We have been working with the Detroit police in investigating the theft and attempting to recover the laptop," said Chris Hengstebeck, director of Security, Beaumont, Troy. "We deeply regret that the personal information of our Home Care patients may be at risk for exposure."

The stolen computer did not contain information regarding any other Beaumont patients; nor is centralized registration at risk of being exposed.

While there is no indication that Home Care patient records have been accessed or abused, Home Care patients are being encouraged to place fraud alerts on their credit reports.

"We are taking aggressive measures to protect their personal and health information and to lessen the impact of the computer theft on them," Hengstebeck stressed.

To that end, health care system has offered Home Care patients a free, 1-year enrollment with a major credit reporting service. A toll-free hot line, (800) 518-1996, and Web site have also been established to address patient questions and concerns.

In addition, there is no evidence that the computer was stolen based on any knowledge of its data contents, Beaumont officials stressed. Home Care laptop computers are encrypted and password protected.

In this case, however, the nurse's ID access code and password were with the laptop because of her status as a new employee in orientation.

Home Care staff use laptops to document patient names, addresses, birth dates, medical insurance information, Social Security numbers and personal health information related to their home care services.

The laptop in question is a Dell Latitude D-400 laptop, Serial #5MZ1F61, WBH Tag #218242 and was housed in a black nylon bag.

If you you have information leading to the laptop's recovery, call Hengstebeck at (248) 964-9970.

[APRPEH]

Other reports stated up to 28,473 id's were on the computer.

i once attended a professional training class. one of the participants was a home therapist who took files everyday for each patient. if the car were stolen, all the files except for those carried into the home of the patient were gone. this would be a much smaller number but what is the difference other than the number involved than a computer heist?

id theft info available on my FR profile page

[coloradan]

This keeps happening. Just exactly what would it take to get people to encrypt data with strong encryption, e.g. PGP? It takes seconds to do, and seconds to undo (if you know the password).

[NautiNurse]

Indeed, this is happening with great frequency. In this case, encryption is compromised because the new employee kept the password with the computer. I imagine plenty of staff keep their passwords on the hard drive too.

[theDentist]

Agreed. Unfortunately these damn companies and organizations don't want to spend a few dollars on excryption, or the time inputting a password. After all, it's not THEIR name and soc security and account numbers on the laptops.

I hate to go to the gov't for a solution, but it seems that there should be a law that any entity that has client personal info of that sort should be required to use PGP, required to alert authorities and all customers of such a theft. And if PGP is not used, a $1000 fine for each name/ss number on the laptop.

In fact, when the Gov't decied SS numbers can be used by non-gov't entities, wasn't there a portion of the law requiring that they are strictly protected?

[phathead296]

The contents of the laptop were encrypted, but apparently new employees are allowed to carry around their username and password written on a piece of paper with the laptop. Read the article again, and you'll see that little gem. Does no one at that company understand password security?

I have a laptop with thousands of names, addresses, and SSNs on it. Unfortunately, I need it for work. It makes me very uncomfortable to have it. It is encrypted, and I take it with me everywhere, i.e. I don't leave it in my car for any length of time. I don't want to become one of these stories in the future.

[NautiNurse]

Current HIPAA Violation Privacy penalties:

[SPRINK]

Shoulda used Taceo by Essential Security on the lap top...
great product

[MaggieCarta]

In this case, however, the nurse's ID access code and password were with the laptop because of her status as a new employee in orientation.

And, where, pray tell, was this nurse's mentor or preceptor or whatever they're called now? If the nurse is that new, that she still has her ID code prominently displayed, why is she allowed off on her own?

Something is wrong with this story...Hope someone is checking out this new nurse...and the person that was supposed to be supervising her

[MaggieCarta]

Nothing to see here folks...according to the press room at www.beaumont.edu:

"Beaumont has recovered the laptop computer that was stolen with a Home Care nurse's car on Aug. 5 in Detroit. The computer's hard drive was examined by an independent forensic computer expert and it has been determined that patient information on the computer was not accessed during the time it was missing.

"We are so relieved to recover the laptop so that we can put our patients' minds at rest," says Chris Hengstebeck, director of Security at Beaumont Hospital in Troy. "And we are relieved that no one's personal or medical information was accessed... (snip) more at this site

Or, is this a different theft?

[APRPEH]

looks the same to me. thanks for the follow up..

[MaggieCarta]

You're welcome.