news-record.com

NEWS

Advertisement | Advertise with Us

Stolen laptop has information on 14,000 Moses Cone patients

Tuesday, April 14, 2009

(Updated 12:09 pm)

By Joe Killian
Staff Writer

GREENSBORO — Personal information from more than 14,000 Moses Cone Health System patients might have been compromised after a laptop computer was stolen, hospital officials said Monday.

The computer contained information about cardiology and orthopedic patients treated at Moses Cone Memorial Hospital or Wesley Long Community Hospital from February 2004 to February 2009. In some cases Social Security numbers were included.

The laptop was stolen from a vendor in Georgia on March 9, Moses Cone officials said. The hospital was alerted March 13 and waited a month to make the theft public and begin informing patients. Hospital employees were alerted to the theft in an e-mail Monday morning.

Lynne Matthews, compliance and privacy officer for Moses Cone Health System, said the hospital regrets the delay in informing employees and the public. She said they wanted to mail specific information to affected patients and have a Web site ready to serve them before making an announcement about the theft.

“This is the first time anything like this has happened here,” Matthews said. “We take great care to keep our patient information safe.”

Matthews said an outside vendor, VHA, was reviewing the information to help the hospital improve care and reduce costs. The computer was stolen from the VHA facility in Canton, Ga.

Canton police and hospital officials said they believe the computer — and other equipment — was stolen for money and not for the purposes of identity theft. The computer was password-protected but was not encrypted, Matthews said.

“The information was stored in a very sophisticated program someone would have to know how to use in order to make sense of it,” Matthews said. “It took us two days to get the information put together so we could use it, and we knew what we were doing.”

Officials at Moses Cone would not comment on which patients were affected, citing federal privacy laws. The hospital has mailed letters to the affected patients, offering one free year of credit monitoring and insurance protection against identity theft by CSIdentity Protector Service. Matthews said affected patients should receive letters by April 20. Hospital officials said those with questions or concerns should call CSIdentity Services at (877) 274-1430.

“I just don’t know why they would have let that information leave the hospital, or leave the secure hospital computer,” said Jeffrey Marlin, a Greensboro man who said he was an orthopedic patient at Moses Cone last summer. “If you can’t figure out a better way to treat patient information and Social Security numbers than to put them on a laptop and carry them around, you don’t have real security.”

Marlin said he isn’t yet sure if his information was compromised but said he was angry that the hospital waited a month to let patients know there was a danger.

“These days, when people have your medical records and your Social Security number, a month is like a year,” Marlin said. “You can’t leave people in the dark that way.”

Contact Joe Killian at 373-7023 or joe.killian@news-record.com

Accompanying Photos

Photo Caption: Moses Cone Hospital

What do you think?

11 comment(s)

Read other visitors' comments.

Comments

This article has been closed to new comments. Comments are generally closed after 14 days. However, comments may be closed earlier at the discretion of the News & Record.

Inappropriate content? Please notify us.

Paul J

April 13, 2009 - 12:28 pm EDT

Why would this info be on a laptop anyway. Should be on the mainframe.

Lakeshia

April 13, 2009 - 12:56 pm EDT

Maybe someone will turn this stolen laptop in to be recycled - next Saturday & Sunday at Earth Fare on Battleground you can turn your computer in for recycling -

kikablue

April 13, 2009 - 4:54 pm EDT

GOOD HEAVENS ARE YOU REALLY THAT DIM WITTED.

Panacea

April 13, 2009 - 2:08 pm EDT

The article said why the info was on the laptop and not a mainframe: they took the data to a third party vendor to analyze ways to reduce health care costs. Legit.

Whoever stole it will probably wipe the hard drive right away.

Why doesn't anyone install LoJack on their laptops if they have sensitive data on it?

Paul J

April 13, 2009 - 2:50 pm EDT

Get real. Why would they need patient personal info to analyze cost reduction. You look at procedures
not personal info. Besides it would have all fit on a flash drive or two.

ticked1

April 22, 2009 - 3:06 pm EDT

HIPAA requires "patient identifying data" to be kept separate from medical data. That means that each persons name, address, date of birth and social security number should NEVER have been in the same file as their medical data. There is in fact no need and no reason for this to have happened. This is a HUGE HIPAA violation and they know it, trust me. They have 14 thousand pissed off patients that will be talking to their lawyers. I hope they shut the place down.

Shadowprincess

April 13, 2009 - 3:58 pm EDT

Kudos to Paul J. Why was PERSONAL information on 14,000 patients given to a third party vendor???? This is the ultimate in negligence and a far cry from protecting anyones privacy. Stolen laptop or not, personal information should not and did not need to be included in a business analysis. This is a major screw up and I hope the people who were compromised demand more than free credit monitoring. What a joke!

notoriousBLOG

April 14, 2009 - 9:12 am EDT

They carried (shipped?) the computer to this company with all this info on it and it was left unattended along with the other items that were stolen. More great work from Moses Cone Hospital. Another reason that I travel to Winston-Salem for any medical procedures.

starfleet

April 17, 2009 - 5:41 pm EDT

ID thief sells personal information..arranges to of all things leave a lap top with the personal information (not his or hers) in an attended car...opps..low and behold the lap top grows legs and walks away. How many times have we heard the same tired..(LIE) / "M.O" ?

Who is the vendor ??..What was he / she doing with the lap top in of all places, Atlanta ?

Was there a tracking device on the lap top ?...Whos job is it to keep track of these things ?

What will happen to the negligent parties ?

Last year the NC Dept of revenue..same nonsense !

If these guys are going to continue to sell our persoanl information to the highest bidder..The least they could do is to come up with a better lie ?