Medical information, Social Security numbers and other private data of about 2,800 Northwestern Memorial Healthcare patients were on an employee’s laptop stolen in October, the hospital said Friday.
The hospital said it discovered on Oct. 21 that the unencrypted computer was inside an employee’s car stolen on the same date.
Patients’ names, addresses, dates of birth, health insurance information, billing codes, date of services, physician’s name, medical record numbers, diagnosis, treatment information, and some limited cases, Social Security numbers may have been on the computer, according to a forensic analysis carried out by an outside consultant, the hospital said.
Credit card and bank account information were not on the laptop.
The hospital said it already had an encryption program in place and “is taking steps to confirm and ensure the encryption of all laptop devices as well as reinforcing education with its staff on the importance of handling patients’ information securely,” according to a news release.
The hospital did not say if there was any evidence the data has been misused.
It did say letters are being sent to notify the affected patients.
It was not the first time the hospital has lost track of its computers.
In 2012, six laptops and tablets were stolen from Northwestern that also contained unencrypted private data of at least 500 hospice patients.
Also in 2012, an employee of Northwestern Memorial Hospital was charged with identity theft after credit card numbers, Social Security numbers and birth dates of more than 50 Northwestern patients were recovered from the employees home.
The employee allegedly used the information to pay her personal bills, according to news reports.