Montefiore Medical Center in New York is notifying 39,000 patients about two recent incidents involving the theft of unencrypted desktop computers containing personal information.
During the weekend of May 22, two computers were stolen from the Bronx hospital’s finance department. The devices included personal information on about 16,000 Medicare and Medicaid patients, including, in some cases, Social Security numbers, dates of birth and insurance information.
In the second incident, three desktop computers were stolen from Montefiore’s school health program administrative offices after close of business June 9. Those computers contained personal information on about 23,000 students enrolled in the health program, but did not include Social Security numbers.
“We are implementing additional measures to further maximize the security of patient information,” the hospital said in a statement on its website. The spokesman, however, declined to specify whether those measures included encryption.
Earlier, the hospital reported a Feb. 20 laptop theft that affected 625 patients. That incident is listed on the Department of Health and Human Service’s tally of major breaches. But the latest incidents, which the hospital says it reported to federal authorities as required under the HITECH breach notification rule, had not yet been posted as of the morning of Aug. 2.