M.D. Anderson Cancer Center Reports Data Breach

cybercrimeHouston-based University of Texas M.D. Anderson Cancer Center announced last week that a laptop computer containing patient data was stolen from a physician’s home in April.  The unencrypted computer held information, including names, medical records numbers, treatment and research information, and even some Social Security Numbers, from almost 30,000 patients.

M.D. Anderson learned of the theft on May 1 and immediately began an investigation to determine what information was contained on the computer, notifying patients once that analysis was complete.  The information does not appear to be consistent among all the patients’ records. There is also an ongoing criminal investigation into the theft of the laptop.  M.D. Anderson began sending notification letters late last week to patients who may have been affected, and it is offering call center support to all affected patients and credit monitoring services to those whose Social Security numbers were stored on the computer.

It is critical that patients’ Protected Health Information (PHI) from Electronic Medical Records software and medical billing software is encrypted and protected in compliance with HIPAA rules.  Microwize Technology’s health IT consultants can help.