Town Square

Post a New Topic

Packard Hospital pediatric medical info stolen

Original post made on Jan 21, 2013

A laptop computer containing limited medical information on pediatric patients was stolen from a physician's car on the night of Jan. 9, Lucile Packard Children's Hospital has reported.

Read the full story here Web Link posted Monday, January 21, 2013, 10:07 AM

Comments (10)

Posted by security, a resident of Adobe-Meadows
on Jan 21, 2013 at 10:25 am

Was the data encrypted as well as password protected? Passwords only protect you from casual theft. Private data needs to be encrypted as well.


Posted by Wondering?, a resident of Another Palo Alto neighborhood
on Jan 21, 2013 at 12:46 pm

> "As a result of this incident, we are taking additional steps to
> further strengthen our policies and controls surrounding the
> protection of patient data,

Isn't this the same thing Stanford Medical IT officials said the last time this happened? Clearly not releasing personal information in data that is going to be used by researchers does not seem to be something that they can do, or believe needs to be done. Or encrypting that information. Certainly internal ID numbers can be used to relate encrypted data to contact information kept on supposedly secure servers (which also should be encrypted).

Stanford IT people clearly understand that issuing a press release is a lot less work than coming up with a security regime for patient data that actually works.


Posted by former packard nurse, a resident of Charleston Gardens
on Jan 21, 2013 at 12:51 pm

so why was it left in the car?


Posted by legality, a resident of Embarcadero Oaks/Leland
on Jan 21, 2013 at 1:07 pm

This needs to be a law. So much effort into HIPPA measures, yet it's ok to keep personal info on a laptop that then leaves the security of the workplace. My law: If you have confidential personal info regarding clients on a laptop, that laptop stays at work. It doesn't belong in your car while you go eat or shop. With identity theft on the rise and quite a pain (financially and otherwise) for those who have been victimized, this should not be allowed!

Companies place security measures on protecting their own proprietary info, yet the clients are left on their own....


Posted by MM, a resident of Another Palo Alto neighborhood
on Jan 21, 2013 at 1:34 pm

My spouse's workplace contacted us and said a laptop with employee personal data had been stolen -- like you, I can't believe a laptop with that info would leave the workplace! Now they're required to have encrypted data, and almost no one (even those who don't have any personnel info) is allowed to take laptops home!

Password protection means nothing. All you have to do is boot the computer in target mode and take the data (or whatever the pc filesharing equivalent is). Security is right, if the data isn't encrypted, the password isn't going to protect the data from even a casual thief.

People should be aware that their medical information isn't well protected anyway -- unless of course, a patient wants to collect all of it for their own records, then it's a real slog.


Posted by Estupido, a resident of Palo Alto High School
on Jan 21, 2013 at 3:07 pm

That was really stupid of someone to leave it in a car! My husband left his in the covered hatchback of his locked car, and when he returned half an hour later, it was gone, and the hatchback was open.

The police said that crooks now have technology to capture the lock signal from your electronic key when you lock your car, so they no longer have to smash the windows to break into a locked car.

The advice from the Santa Clara PD: always, always take your laptop, phone, or tablet with you, even for two minutes!


Posted by palo alto mom, a resident of Embarcadero Oaks/Leland
on Jan 21, 2013 at 4:02 pm

Ironic that we are blocked from accessing online info for our own children if they are 14-17, yet a physician can bring it home on his laptop!


Posted by Bob, a resident of Midtown
on Jan 21, 2013 at 6:01 pm

Laptops with personal information on them need to have full disk encryption (FDE). That is, the whole disk needs to be encrypted. Logins passwords are not adequate to protect this kind of data. FDE is available from several vendors.

I would think that Lucile Packard Children's Hospital is liable for not having the laptop encrypted.


Posted by Stanford Patient, a resident of Stanford
on Jan 22, 2013 at 6:58 pm

I called the Stanford Privacy office and they REFUSED to explain why patient data was on a laptop, who the physician was (male, but all they would say), and what he was doing with private data. The guy even went so far as to say that he knew the physician was "authorized" to have the data, but then backtracked and said that he had no idea who the laptop belonged to, or why info was on it, or what that physician was doing with it. But we're supposed to take his word that whomever had the data was "authorized." This is so unacceptable.


Posted by concerned about Stanford, a resident of Old Palo Alto
on Feb 4, 2013 at 10:11 am

I'm not computer whiz, but it seems like Stanford has been paying lip service to security. Four security breaches in last year or so? And they say now they;re "redoubling" their efforts to get laptops encrypted? Here we are in the high tech world of Silicon Valley, and Stanford can't remotely wipe data off computers? Computers have been stolen from hospital offices, from homes. I hear only now are they locking doctor's office doors at night! Stanford, get with it. I think my daughter's PA school computer has better security and tracking that Stanford.


If you were a member and logged in you could track comments from this story.

Post a comment

Posting an item on Town Square is simple and requires no registration. Just complete this form and hit "submit" and your topic will appear online. Please be respectful and truthful in your postings so Town Square will continue to be a thoughtful gathering place for sharing community information and opinion. All postings are subject to our TERMS OF USE, and may be deleted if deemed inappropriate by our staff.

We prefer that you use your real name, but you may use any "member" name you wish.

Name: *

Select your neighborhood or school community: * Not sure?

Comment: *

Verification code: *
Enter the verification code exactly as shown, using capital and lowercase letters, in the multi-colored box.

*Required Fields

Veggie Grill coming soon to Mountain View's San Antonio Center
By Elena Kadvany | 25 comments | 3,748 views

The Dude Abides
By Laura Stec | 4 comments | 1,559 views

. . . Loved in Spite of Ourselves
By Chandrama Anderson | 0 comments | 1,540 views

A memorable Paly prom
By Sally Torbey | 7 comments | 1,252 views

Passover Joke
By Paul Losch | 6 comments | 464 views