The confidential medical information of nearly 2,200 patients of a Boston hospital are at risk of being compromised after an employee on an business trip to Argentina lost a laptop containing the sensitive information.
In a statement to SecurityNewsDaily, Boston Children's Hospital said the lost computer contained a file with the names, medical record numbers, dates of birth, diagnoses, procedures and dates of surgery for 2,159 patients. The file containing the confidential data was sent to the staff member's laptop, which was password-protected, but not encrypted. It was not saved to the computer's hard drive, but was on the laptop in an email attachment.
"Boston Children's takes this incident and the protection of protected health and personal information extremely seriously," Daniel J. Nigrin, Boston Children's senior vice president for information services and chief information officer said in the notification, which the hospital has emailed to patients potentially impacted by the breach.
[How You're Putting Your Company At Risk for a Data Breach]
"We take great measures to ensure that Protected Health Information is never inadvertently released, and we are undertaking additional steps to prevent breaches such as this in the future," he added. "We deeply regret and apologize for any concern or inconvenience this situation may cause our patients and families.”
Boston Children's Hospital said the laptop, lost on a trip to Buenos Aires for a conference, contained no financial data or Social Security numbers.
This incident puts Boston Children's among the ranks of other major hospitals that have had to face the consequences of data breaches, cybercrime and human error. Last month, three Emory University hospitals admitted that 10 backup discs containing approximately 228,000 Social Security numbers, as well as large amounts of other data, were discovered missing from a hospital storage locker.