Providence, R.I.-based Lifespan notified patients on April 21 about a potential breach of personal information, including names, medical record numbers, demographic information and medication prescriptions.
The privacy breach occurred when a Lifespan employee's car was broken into on Feb. 25. Several items were stolen, including a MacBook laptop the employee used for work purposes. The employee immediately contacted law enforcement and reported the theft to Lifespan, which launched an investigation and changed the employee's Lifespan system credentials.
Investigators found the stolen laptop was unencrypted and not password protected, meaning the employee's work emails were potentially accessible. These emails did not include patient Social Security numbers, financial information or medical records.
Lifespan notified about 20,000 affected patients, according to a statement emailed to Becker's Hospital Review.
"To date, Lifespan has no indication that any patient information has been accessed or used by anyone as a result of this incident," according to the statement. "Lifespan is committed to protecting the security and confidentiality of our patients' information, and we deeply regret this incident occurred."
Lifespan established a call center for patients to reach out with questions or concerns. The health system is also re-educating its employees and updating its policies related to MacBook security.
Click here to view Lifespan's online notice.