Archives

Laptop Stolen from Hospital

June 1, 2014

LucilePackardChildrensHospitalLogo

The incident was reported to the hospital by an employee on May 8, 2013. A password-protected, non-functional laptop containing limited medical information on pediatric patients was stolen from a secured, badge-access controlled area of the hospital. Immediately following discovery of the theft, Packard Children’s launched an aggressive and ongoing investigation with security and law enforcement.

To date, there is no evidence that any pediatric patient data has been accessed by an unauthorized person or otherwise compromised.

The computer was outdated and damaged, thus on a schedule for collection by information technologists. Despite a law enforcement investigation, in collaboration with the Stanford Department of Public Safety and Hospital Security, the laptop has not been recovered yet.

The information that could potentially have been on the stolen computer relates to some operating room schedules over a three-year period beginning in 2009. Although Packard Children’s is not certain which operating schedules would have been on the computer, out of an abundance of caution, 12,900 potentially affected patients are being notified by mail, though there is no indication any patient information has been accessed or compromised.

The information did not include financial or credit card information, nor did it contain Social Security numbers, insurance numbers or any other marketable information. The information on the operating room schedule that potentially could have transferred to the computer would have been patient name, age, medical record number, telephone number, scheduled surgical procedure, and names of physicians involved in the procedure.

The hospital is offering a year of identity theft protection at no cost to potentially-affected families that wish to have it, and is establishing a call center to answer questions from families. The toll-free number is (855) 683-1168, and is available Monday through Saturday from 6 a.m. to 6 p.m. PST.

Lucile Packard Children’s Hospital strives to be an industry leader in the area of medical information security. As a result of this incident, we are taking additional steps to further strengthen our policies and controls surrounding the protection of patient data to reduce the chance that an incident of this type will happen again.

NASA sold computers with sensitive data, report says

January 1, 2014

(Reuters, 2010) – NASA failed to delete sensitive data on computers and hard drives before selling the equipment as part of its plan to end the Space Shuttle program, an audit released on Tuesday shows.

NASA is getting rid of thousands of surplus items as it prepares to end the space shuttle program next year.

The Office of Inspector General found what it termed “serious” security breaches at NASA centers in Florida, Texas, California and Virginia.

“Our review found serious breaches in NASA’s IT (information technology) security practices that could lead to the improper release of sensitive information related to the Space Shuttle and other NASA programs,” NASA Inspector General Paul Martin said in a statement. “NASA needs to take coordinated and forceful actions to address this problem.”

The report cites 14 computers from the Kennedy Space Center that failed tests to determine if they were sanitized of sensitive information, 10 of which already had been released to the public. It also found that hard drives were missing from Kennedy and from the Langley Research Center in Virginia. Some of the Kennedy hard drives were later found inside a dumpster, where they were being stored before sale, that was accessible to the public, the audit says.

Investigators also found several pallets of computers being prepared for sale that were marked with NASA Internet Protocol addresses, which the report said could help hackers gain access to the NASA internal computer network. (Editing by Greg McCune)

Don’t allow your data to fall into the wrong hands. Demand certified drive sanitization and destruction. Demand Maxxum. We can help you build a comprehensive, cost-effective risk-management program that:

  • Eliminates potential data and environmental breaches, and
  • Offers a secure, documented chain of custody that mitigates liability