“The risk is relatively low” for identity theft because the records did not contain financial information, addresses or Social Security numbers, Chief Integrity Officer Jim Rush said. All of the 513 patients were in the Adult Sickle Cell Clinic and all have been notified, he said.
The laptop was used by a nurse practitioner who travels to other clinics in Georgia and had permission to have patient records on that computer. The laptop was not encrypted, however, a move that the school is now making to secure all similar devices, Rush said. The burglary occurred Jan. 18, and an investigation began then but it took a while to determine what information was on the stolen device, he said.
“It is kind of a time-consuming process,” Rush said.
The health system does not think it will affect the patients financially, he said.
“The risk is relatively low, given the data that is there,” Rush said. “There is no risk for any sort of identity theft or financial information impact.”
Because the theft involves more than 500 people, however, the federal government had to be notified of the breach, he said. It is the sixth, and smallest, security breach in Georgia since the new law took effect in late 2009, Rush said.