Notice and Frequently Asked Questions about a recent laptop theft
Lucile Packard Children’s Hospital at Stanford and the Stanford University School of Medicine are notifying patients by mail that a password-protected laptop computer containing limited medical information on pediatric patients was stolen from a physician’s car away from campus on the night of January 9, 2013. The medical information on the stolen laptop was predominantly from 2009 and related to past care and research.
Immediately following discovery of the theft, Packard Children’s and the School of Medicine notified law enforcement and internal security and launched an aggressive investigation, which is still under way. There is no indication that any patient information has been accessed or compromised.
What medical information was on the laptop?
The information did not include financial or credit card information, nor did it contain Social Security numbers or any other marketable information. It did include names and dates of birth, basic medical descriptors, and medical record numbers, which are used only by the hospital to identify patients. In some cases, there was limited contact information.
How many patients were potentially affected?
We are providing outreach to approximately 57,000 patients, and we are assuring they are notified promptly.
How are potentially affected individuals being notified?
In addition to the mailed letters, a phone line has been established to answer any questions for those notified. The toll-free number is (855) 731-6016, and is available Monday through Friday from 6 a.m. to 6 p.m. PST. In addition, potentially affected individuals have been offered the option of free identity protection services.
How is the investigation proceeding?
We continue working diligently with law enforcement to recover the laptop.
Lucile Packard Children’s Hospital and the School of Medicine strive to be industry leaders in the area of medical information security. As a result of this incident, we are taking additional steps to further strengthen our policies and controls surrounding the protection of patient data.