Another stolen laptop, another breach

This is another case of a breach that shouldn't have happened but did. An unencrypted laptop which was stolen from an employee's home has led to a breach of information on 12,500 patients at Shands HealthCare in Gainesville, Fla.

The story is very familiar, but it is getting very old. A Shands employee downloaded the health information onto an unencrypted Shands-owned laptop at home for work-related purposes, the provider organization reported. It contained the Social Security numbers of about 650 people. The laptop also contained other information such as names, addresses, medical records and medical procedures.

The laptop was stolen on Jan. 27 when the employee's home was burglarized. The worker reported the theft immediately to the police, and Shands opened its own investigation into the extent of the damage.

There's no evidence that confidential information on the laptop has been used for fraudulent purposes. But in a cautious response, the company sent letters to those individuals whose information was on the laptop, giving them instructions on what they should be doing--looking for unusual activities on their credit cards and at their banks.

The theft has prompted Shands to get more proactive about protecting its data. It's launched a systemwide encryption initiative to better protect the health information it is responsible for.

This is a classic case of what can go wrong when employees take their work home, when data is not encrypted and when a theft occurs. It's a good lesson for any organization to impose strict requirements before letting it's workers walk out the door with confidential data.

For more on this breach:
- see this HealthcareInfoSecurity.com article

Related Articles:
Bad account management leads to breaches
A plea in the massive Heartland breach case
Heartland's CEO: Lessons from a bad data breach
What to do after a data breach