Rhode Island’s Lifespan Informs 20k Patients of Data Breach

Providence, R.I.-based Lifespan, the state’s first health system, is notifying patients about a theft of an employee’s laptop that may have contained sensitive patient information.

In February, several items were stolen from the employee’s car, including a MacBook laptop used by the employee for work purposes. Upon discovering the theft, the employee immediately contacted law enforcement and reported the incident to Lifespan. Lifespan then began an investigation and changed the employee’s credentials used to access Lifespan system resources out of an abundance of caution, the organization said in a statement.

The Providence Journal has reported that the healthcare organization “has notified about 20,000 patients of the theft of an employee’s laptop containing patient information.”

An investigation determined that the MacBook was unencrypted and not password protected, and the employee’s work emails stored on the MacBook were potentially accessible. It was also determined that the emails may have contained patient information, including name, medical record number, demographic information such as partial address information, and the names of one or more medications that were prescribed or administered at Lifespan. The information contained in the emails did not include patient Social Security numbers or financial information, nor did it include clinical information such as diagnosis. No medical records were stored on the MacBook, according to the provider.

Lifespan began mailing letters to affected individuals on April 21 and has established a call center to answer any questions. The organization said in a statement, “In order to help prevent a similar incident from reoccurring, we are re-educating our employees and enhancing our policies and procedures related to the security of MacBooks.”