Stolen laptop could mean compromised health records for NFL

The league incident, which involved an unencrypted computer, is the second in two years to require reporting to HHS.
By Bernie Monegain
11:27 AM

The protected health information of thousands of football players may have been compromised after a backpack that held a laptop containing the digital medical records of NFL team members was stolen from the car of a Washington Redskins trainer.

The website Deadspin obtained an email from the NFL Players Association, sent to every team's player representative on May 27, informing them of the theft. The email indicates the laptop was password-protected, but unencrypted.

The laptop contained exam results for NFL combine attendees since 2004 and some Washington Redskins player records. The NFL combine is the league's annual scouting event.

The backpack was stolen April 15 in Indianapolis. Besides the laptop, it also reportedly contained a zip drive and paper records of medical exam results for NFL combine attendees and current Redskins players.

The incident is the second alleged breach the NFL has had to deal with in as many years. Back in July 2015, two employees of Jackson Memorial Hospital leaked the medical records of New York Giants defensive end Jason Pierre-Paul after a fireworks accident sent the football star to the hospital.


The email from the NFLPA noted the association has consulted with HHS about the incident.

Here is the full statement from the NFL regarding the stolen laptop:

Once we became aware of the theft, we promptly worked with the club and the NFLPA to identify the scope of the issue.

The club is taking all appropriate steps to notify any person whose information is potentially at risk. As the NFLPA memo confirms, the theft of data involves information maintained by one club and no information maintained by any club on the NFL Electronic Medical Records system was compromised and the theft is entirely unrelated to that system.

All clubs have been directed to re-confirm that they have reviewed their internal data protection and privacy policies and that medical information is stored and transmitted on password-protected and encrypted devices; and that every person with access to medical information has reviewed and received training on the policies regarding the privacy and security of that information.

We are aware of no evidence that the thief obtained access to any information on the computer that was stolen nor aware that any information was made public. 

Twitter: @Bernie_HITN
Email the writer: bernie.monegain@himssmedia.com

