Blumenthal: Yale data breach a reminder of 'legal and moral obligation to protect privacy'
Yale School of Medicine is in the process of notifying approximately 1,000 individuals whose clinical health information was contained on a laptop computer that was recently stolen.
According to officials, the computer was stolen from the office of a data analyst at the Yale School of Medicine on the night of July 28 and was reported missing the next morning.
The computer files did not contain any Social Security, financial or insurance numbers, said officials. Access to the laptop was protected by a password, but was not encrypted, they said. Currently, there is no indication that any individual information on the computer has been misused.
"We deeply regret this incident," said Robert Alpern, MD, dean of the School of Medicine. "The School of Medicine considers the privacy of its patients of paramount importance. In addition to affirming all of our existing measures to protect patient privacy, we are moving to introduce immediately several security upgrades."
Attorney General Richard Blumenthal's office is investigating to determine the causes of the breach and whether state or federal laws have been violated.
"This breach – similar to recent breaches by others – must be a reminder to guardians of sensitive health information about their significant legal and moral obligation to protect privacy."
Blumenthal is seeking privacy protections for individuals affected, and measures to ensure that similar breaches are prevented in the future.
"Yale Medical School is cooperating with my office – recognizing that it has a profound responsibility to safeguard sensitive health information, and must be accountable to approximately 1,000 individuals whose information may be at risk," Blumenthal said. "My office has begun an investigation to identify the cause of the breach and assure ongoing protections for patients."