
Texas rehab hospital’s stupidity causes patient data breach

Protected health information was stored on an unencrypted laptop that someone took out of the hospital and left in a personal vehicle. Seriously, people are still doing this?

It’s almost 2016, and yet we’re still seeing stories like this: A Texas rehab hospital has disclosed a potential patient data breach caused by sheer stupidity.

HealthSouth Rehabilitation Hospital of Round Rock, Texas, said Tuesday that it is notifying more than 1,300 patients that their personal data may have been compromised when a laptop was stolen from the car of an employee in October. The data, according to HealthSouth, was password-protected but not encrypted.

Let’s repeat: protected health information was stored on an unencrypted laptop that someone took out of the hospital and left in a personal vehicle. Seriously, people are still doing this?

According to HealthSouth, which took over the facility formerly known as Reliant Rehabilitation Hospital Central Texas on Oct. 1, the computer contained information including names, addresses, birth dates, Social Security numbers, insurance IDs, phone numbers, diagnoses, referral IDs and medical record numbers. HealthSouth said 1,359 people were affected, though the company said it has not seen evidence that their data was stolen or even accessed.

To be fair, Birmingham, Alabama-based HealthSouth noted that it has a companywide policy of encrypting the hard drives of all its laptops, so this one is on the former owners, Reliant Hospital Partners. HealthSouth agreed in June to buy Reliant and its 11 inpatient rehab facilities for $730 million.

“As part of HealthSouth’s post-acquisition integration process, all Reliant laptops were required to be returned and exchanged for encrypted HealthSouth laptops. The Reliant laptop at issue, however, was stolen before being returned to HealthSouth,” the company said in a press release.

The moral of this story? Encrypt your laptops. Duh!

Photo: Flickr user JD Hancock
