The hospital stressed that the computer hard drives contained no electronic medical records or financial information. Only one
The hospital notified 1,208 patients of the data breach in a letter dated
Friberg said the delay involved the time that information-technology workers needed to reconstruct what was on the hard drives of the stolen computers. He said a general warning was not issued immediately because the information on the computers could not lead to identity theft.
"The sense of urgency wasn't as great than it would be if this were financial or information from medical records," Friberg said.
Friberg said the computer work stations were in the car of an
He said the car was parked in
The stolen information included 20 emails, which contained the most sensitive data. Some of the emails included names along with information such as date of service, date of birth, address, telephone number and billing codes.The other names were on three spreadsheets. Some contained as little as patient name and date of service. Other spreadsheets included patient name, date of service and either a billing code or an internal record number that could indicate what physician the patient saw.Friberg said all the providers were primary care physicians, so the data could not be used to make an assumption about what kind of care the patient was receiving.Elliot has taken several steps to tighten computer security, Friberg said. PCs will no longer auto-archive data in the individual hard drive; rather, data will be archived centrally. And the hospital will roll out an encryption system for all PCs, rather than the laptops and notebooks that are now encrypted.Friberg said he did not want to identify the two
(c)2014 The New Hampshire Union Leader (Manchester, N.H.)
Visit The New Hampshire Union Leader (Manchester, N.H.) at www.unionleader.com
Distributed by MCT Information Services