The University of Texas MD Anderson Cancer Center, a Houston-based institution, has announced that a computer containing patient and research information was stolen from a physician's home on April 30. The computer contained patient information, including names, medical record numbers, treatment and/or research information, and, in some instances, Social Security numbers.
After learning of the theft on May 1, MD Anderson immediately said it began its investigation, including working with outside forensics experts, to determine the information contained on the computer. The physician reportedly notified the police immediately and MD Anderson says there is an ongoing criminal investigation into the theft.
According to the institution, MD Anderson worked with forensics experts to recreate the information that was on the stolen computer, and after analysis MD Anderson notified patients as soon as it was able. The hospital says it has no reason to believe that the computer was stolen for the information it contained, since other items were also stolen from the employee's home.
MD Anderson began mailing notification letters on June 28 to patients who may have been affected. It is offering credit monitoring services for those whose Social Security numbers were included in the data and providing call center support to all affected. More information can be found here. The hospital says it has taken steps to help prevent this from happening in the future, including accelerating efforts to encrypt all MD Anderson computers.