The laptop, which was lost by a hospital employee while at a conference in Buenos Aires, may have contained the names, medical records, birth dates, diagnoses, and procedure dates for 2,159 patients.
The information was contained in an email that was downloaded to the laptop, which was password protected but not encrypted, according to a hospital statement cited by the Boston Globe newspaper.
“The reported breach of 2,159 sensitive medical records of Boston Children's Hospital patients on a lost laptop is, unfortunately, the kind of story we've been hearing all too frequently from the health care sector. There have been numerous recent cases across the country involving lost or stolen laptops, missing backup media, and poorly secured health record databases involving tens, even hundreds of thousands of records”, commented Neil Roiter, research director at Corero Network Security.
“Health care providers must take extreme care in the handling of sensitive data on laptops, mobile devices, or removable storage of any type. As a matter of policy and procedure, they should avoid storing large numbers of records on these devices, especially if they are allowed off-premises. Laptops and other portable devices are lost or stolen with alarming frequency, and one has to wonder how many other records may be potentially at risk, waiting for a USB memory drive to be left on a coffee shop counter or a laptop forgotten in the back of a taxi at the airport”, he added.