A laptop containing personal and medical information for almost 1,900 Southern Illinois University HealthCare patients apparently was stolen from a doctor’s private office at Memorial Medical Center.
Southern Illinois University School of Medicine doesn’t have any indication that the information has been used by identity thieves, spokeswoman Karen Carlson said.
But all affected patients are being informed about the largest potential breach of its kind involving patient data at SIU, she said.
SIU is working with the Springfield Police Department to locate the SIU laptop, which former SIU orthopedic surgeon Dr. Mark McAndrew had been using to record data for billing purposes, according to Dr. Jerry Kruse, SIU HealthCare chief executive officer.
“SIU Healthcare understands the critical importance of personal information privacy and doctor/patient confidentiality, and we sincerely apologize that this privacy incident occurred,” Kruse said.
SIU HealthCare, the multi-specialty physician group at the Springfield-based medical school, is “reviewing security and privacy policies. The privacy of our patients is of the utmost importance to us, and we are deeply sorry this has happened” he said.
Data on the laptop may have included patients’ full names, dates of birth, ages, admission dates, medical record numbers, diagnoses, procedural codes and some health information about the treatment they received.
The laptop didn’t contain Social Security numbers, addresses, health-insurance policy numbers, credit card numbers or other financial data, Kruse said.
SIU mailed letters late last week to all 1,891 patients whose data were on the laptop.
SIU waited until now to mail the letters and inform the public because officials were beginning an investigation and trying to verify whether the laptop simply had been misplaced, Kruse said.
The laptop turned up missing Oct. 15 during a check of materials in McAndrew’s former administrative office, Kruse said. The office had remained locked on the second floor of Memorial, Carlson said.
SIU then checked with McAndrew, 60, who resigned from the faculty in mid-September to join the U.S. Army and become part of the Army’s trauma training center in Florida, but he didn’t have the laptop, Kruse said.
SIU reported the apparent theft to Springfield police and SIU police, but they have no leads on the equipment’s whereabouts or who may have taken it, Carlson said.
When the laptop was confirmed missing, SIU already had begun looking at tightening policies dealing with patient information stored on doctors’ mobile devices. The apparent theft of the laptop underscores the importance of such policies, Kruse said.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.