Indiana Hospital Notifies 29,000 Patients of Data Breach

Indiana’s Gibson General Hospital has mailed letters to approximately 29,000 patients informing them of the theft of a hospital laptop containing personal health information. The information may have included a patient's name, address, social security number and/or clinical information.

The 70-bed hospital says it took immediate steps to investigate and attempt to recover the laptop and to prevent further access to its information system via the laptop, which had security features in place, including password protection. The laptop was reported stolen, along with several other items, from an employee's home during a burglary on Nov. 27. It has not yet been recovered, but Gibson General Hospital administration continues to work closely with local law enforcement in their investigation.

"There is no evidence to believe that the data on the laptop was the target of the theft or that any information has been or will be accessed for fraudulent purposes," Emmett Schuster, Gibson General Hospital president and CEO said in a statement. "As a precautionary measure and part of Gibson General Hospital's commitment to protecting patient privacy, we are notifying all patients potentially impacted by the incident."

The laptop was used by a hospital employee whose job requires 24/7 access to the hospital's electronic medical records (EMR) system. Information accessed on that laptop may have automatically been saved to the laptop by the software utilized to perform those job duties. Without the laptop, the hospital is unable to determine with certainty whose information is affected.