A laptop stolen from an employee at a Houston, Texas, cancer hospital has put as many as 30,000 patients at risk of identity theft.
The University of Texas MD Anderson Cancer Center issued a security advisory yesterday (June 28) explaining that on April 30, an unencrypted laptop was stolen from a physician's home. The faculty member notified police, and MD Anderson, alerted to the theft the following day, began an investigation into the breach.
"We have confirmed that the laptop may have contained some of our patients' personal information, including patients' names, medical record numbers, treatment and/or research information, and in some instances Social Security numbers," MD Anderson said.
MD Anderson is the second major cancer center in the U.S. to fall victim to a recent security breach; last week, Memorial Sloan-Kettering Cancer Center in New York began notifying patients that their medical records and Social Security numbers may have been compromised. In the past year, several hospitals and colleges, including Yale and Columbia University, have been hit by data breaches that put large populations of people at risk.
According to the Houston Business Journal, Social Security numbers for about one-third of the hospital's patients (about 10,000) were stored on the stolen MD Anderson laptop. The cancer treatment hospital said it has "no reason to believe" that the computer, which is still missing, "was stolen for the information that it contained." MD Anderson said police have launched a criminal investigation and are working to locate the laptop.