Town Square

Post a New Topic

Packard Hospital pediatric medical info stolen

Original post made on Jan 21, 2013

A laptop computer containing limited medical information on pediatric patients was stolen from a physician's car on the night of Jan. 9, Lucile Packard Children's Hospital has reported.

Read the full story here Web Link posted Monday, January 21, 2013, 10:07 AM

Comments (10)

Like this comment
Posted by security
a resident of Adobe-Meadow
on Jan 21, 2013 at 10:25 am

Was the data encrypted as well as password protected? Passwords only protect you from casual theft. Private data needs to be encrypted as well.

Like this comment
Posted by Wondering?
a resident of Another Palo Alto neighborhood
on Jan 21, 2013 at 12:46 pm

> "As a result of this incident, we are taking additional steps to
> further strengthen our policies and controls surrounding the
> protection of patient data,

Isn't this the same thing Stanford Medical IT officials said the last time this happened? Clearly not releasing personal information in data that is going to be used by researchers does not seem to be something that they can do, or believe needs to be done. Or encrypting that information. Certainly internal ID numbers can be used to relate encrypted data to contact information kept on supposedly secure servers (which also should be encrypted).

Stanford IT people clearly understand that issuing a press release is a lot less work than coming up with a security regime for patient data that actually works.

Like this comment
Posted by former packard nurse
a resident of Charleston Gardens
on Jan 21, 2013 at 12:51 pm

so why was it left in the car?

Like this comment
Posted by legality
a resident of Embarcadero Oaks/Leland
on Jan 21, 2013 at 1:07 pm

This needs to be a law. So much effort into HIPPA measures, yet it's ok to keep personal info on a laptop that then leaves the security of the workplace. My law: If you have confidential personal info regarding clients on a laptop, that laptop stays at work. It doesn't belong in your car while you go eat or shop. With identity theft on the rise and quite a pain (financially and otherwise) for those who have been victimized, this should not be allowed!

Companies place security measures on protecting their own proprietary info, yet the clients are left on their own....

Like this comment
Posted by MM
a resident of Another Palo Alto neighborhood
on Jan 21, 2013 at 1:34 pm

My spouse's workplace contacted us and said a laptop with employee personal data had been stolen -- like you, I can't believe a laptop with that info would leave the workplace! Now they're required to have encrypted data, and almost no one (even those who don't have any personnel info) is allowed to take laptops home!

Password protection means nothing. All you have to do is boot the computer in target mode and take the data (or whatever the pc filesharing equivalent is). Security is right, if the data isn't encrypted, the password isn't going to protect the data from even a casual thief.

People should be aware that their medical information isn't well protected anyway -- unless of course, a patient wants to collect all of it for their own records, then it's a real slog.

Like this comment
Posted by Estupido
a resident of Palo Alto High School
on Jan 21, 2013 at 3:07 pm

That was really stupid of someone to leave it in a car! My husband left his in the covered hatchback of his locked car, and when he returned half an hour later, it was gone, and the hatchback was open.

The police said that crooks now have technology to capture the lock signal from your electronic key when you lock your car, so they no longer have to smash the windows to break into a locked car.

The advice from the Santa Clara PD: always, always take your laptop, phone, or tablet with you, even for two minutes!

Like this comment
Posted by palo alto mom
a resident of Embarcadero Oaks/Leland
on Jan 21, 2013 at 4:02 pm

Ironic that we are blocked from accessing online info for our own children if they are 14-17, yet a physician can bring it home on his laptop!

Like this comment
Posted by Bob
a resident of Midtown
on Jan 21, 2013 at 6:01 pm

Laptops with personal information on them need to have full disk encryption (FDE). That is, the whole disk needs to be encrypted. Logins passwords are not adequate to protect this kind of data. FDE is available from several vendors.

I would think that Lucile Packard Children's Hospital is liable for not having the laptop encrypted.

Like this comment
Posted by Stanford Patient
a resident of Stanford
on Jan 22, 2013 at 6:58 pm

I called the Stanford Privacy office and they REFUSED to explain why patient data was on a laptop, who the physician was (male, but all they would say), and what he was doing with private data. The guy even went so far as to say that he knew the physician was "authorized" to have the data, but then backtracked and said that he had no idea who the laptop belonged to, or why info was on it, or what that physician was doing with it. But we're supposed to take his word that whomever had the data was "authorized." This is so unacceptable.

Like this comment
Posted by concerned about Stanford
a resident of Old Palo Alto
on Feb 4, 2013 at 10:11 am

I'm not computer whiz, but it seems like Stanford has been paying lip service to security. Four security breaches in last year or so? And they say now they;re "redoubling" their efforts to get laptops encrypted? Here we are in the high tech world of Silicon Valley, and Stanford can't remotely wipe data off computers? Computers have been stolen from hospital offices, from homes. I hear only now are they locking doctor's office doors at night! Stanford, get with it. I think my daughter's PA school computer has better security and tracking that Stanford.

Sorry, but further commenting on this topic has been closed.

Burger chain Shake Shack to open in Palo Alto
By Elena Kadvany | 17 comments | 4,875 views

The Cost of Service
By Aldis Petriceks | 1 comment | 1,181 views

This time we're not lying. HONEST! No, really!
By Douglas Moran | 9 comments | 781 views

Couples: When Wrong Admit It; When Right; Shut Up
By Chandrama Anderson | 0 comments | 687 views

One-on-one time
By Cheryl Bac | 0 comments | 539 views