Complain about a product or service

Emory Healthcare Laptop Stolen

Thieves Get Data on 38,000 Patients

By Martin H. Bosworth
ConsumerAffairs.com

January 8, 2006

Data Theft • Thieves Steal AT&T Laptop with Employee Data • Report: Data Breach Disclosure Laws Don't Affect Identity Theft • Patient Information Exposed in Data Breach at Walter Reed • Supermarket Chain Reports Data Breach • Report: Feds Still Not Doing Enough To Secure Data • Data Thieves Hit Georgetown University Students, Faculty • 800,000 Job Seekers At Risk In Gap Data Breach • TJX Data Breach Settlement Has Strings Attached • More ...

In the first data breach announcement of 2007, Georgia-based Emory Healthcare reports that a computer containing information on 38,000 of its patients was stolen from the offices of an Ohio company contracted to provide services for Emory.

The company said the theft took place on Nov. 23rd, but letters informing patients of the theft were not mailed out until Dec. 20th.

The missing laptop contained information on patients who had been treated for cancer at Emory Hospital, Emory Crawford Long Hospital, and Grady Memorial Hospital. The data included names, addresses, and Social Security numbers.

Hospitals in other states were affected as well, including Geisinger Health System in Pennsylvania, and Williamson Medical Center near Nashville, Tennessee. The laptop contained data on 25,000 Geisinger patients.

The contracting company, Electronic Registry Systems (ERS), was managing the collection of data on cancer patients under regulations governed by the Health Insurance Portability and Accountability Act (HIPAA).

Ohio police, ERS, and Emory Healthcare all rushed to claim that the theft was random and the data on the laptop was secure. Emory officials said that the data was "double-password protected" and that the laptop had "multiple layers of security."

Springdale, Ohio police lieutenant Mike Mathis told the Atlanta Journal-Constitution that he saw no evidence that identity theft was a motive for the crime.

However, the thieves were apparently quite determined. They broke into a third-story window and then broke down the doors of several offices, making off with the missing laptop and another computer as well.

Black Market for Medical Records

The theft of patients' medical records is a growing concern, particularly as these records can be used to engage in "medical identity theft."

Criminals can use stolen medical data to create new identities for themselves, mixing and matching names and Social Security numbers in order to escape fraud detection.

Thieves can use these new identities not only to obtain credit and loans, but to get expensive medical procedures that they might not have otherwise been able to afford, running up thousands in debt in the process.

Loopholes in HIPAA and state medical privacy laws can make it extraordinarily difficult to correct errors in medical billing records.

Patients who have been hit with medical identity theft can find their insurance premiums skyrocketing, and can face large medical bills for procedures they never had.

Disgruntled workers at companies that are supporting medical providers can easily help criminals get access to medical records, or wreak havoc on internal systems that could end up erasing or destroying patients' data.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.