A laptop computer with health and personal information on 21,000 patients was stolen from an office at Thomas Jefferson University Hospital in Philadelphia in June.
The patients whose unencrypted records were on the password-protected laptop were notified last Friday of the theft in a letter from hospital president Thomas J. Lewis, who offered identity-theft monitoring and protection.
Lewis said the hospital would do all it could to protect the patients whose information, including Social Security numbers, had been exposed and take steps to prevent similar incidents in the future.
The breach at Jefferson is part of a national problem, experts say.
A federal database has documented 121 such lapses nationwide since September 2009, showing that medical or financial information had been exposed for more than five million people.