WASHINGTON (AP) - Howard University Hospital says a former contractor's personal laptop containing patient information was stolen in January.
The hospital sent letters this week to more than 34,000 patients affected by the breach.
The records held personal information, including Social Security numbers.
The hospital said in a statement that the laptop was password protected and that there is no evidence that the patients' files have been violated.
It said the former contractor downloaded the files to a personal laptop in violation of hospital policy and federal health care rules.
NOTE: Has your organization reviewed your agreements, training, etc. with contractor's who have access to information? Remember the covered entity (hospital) must notify it's patients that their information may have been breached. Notice in this article the name of the contractor was NOT mentioned. Encryption is the key, you can get to a laptops data even if it is password protected. Non-encrypted PHI that is compromised requires reporting to the individual, the press and HHS. Research encryption today and also review you agreements and processes with contractors/business associates. Do you know where your data is and do you trust your business associates to protect that data?