Update: Stolen Computers
Officials at Johns Hopkins report that a stolen computer containing patient information has been recovered and returned to the institution, where an intense preliminary investigation over the Labor Day weekend concluded it is highly unlikely that any information was accessed or compromised.
"We are still investigating, and will quickly bring in an independent information technology forensic expert to examine the computer and address our preliminary findings, but we think we will be able, upon independent verification, to assure our patients that their personal information is, with high probability, safe," said Ronald R. Peterson, president of the The Johns Hopkins Hospital and Health System. "We understand our patients' concerns and we do believe that there is far less need for them to worry at this point," he added.
The return of the desk top computer occurred at about 4 p.m. on Sunday, September 2, after a Baltimore attorney, Michael Mastracci, contacted Johns Hopkins to report that the computer had been made available to him and that a transfer could be made. The lawyer gave the equipment to Johns Hopkins security officials.
Throughout the return process, great care was taken by JH security officers and information technology specialists to follow strict procedures and assure that an electronic "trail" of activity on the computer's hard drive would not be compromised.
Preliminary findings strongly suggest that the desk top computer, the only one that contained personal health information of patients from a tumor registry, was stolen for equipment value and was not even turned on after the July 15 theft, nor was there any evidence based on an analysis of standard approaches that anyone sought or gained access to the database information on the computer's hard drive.
An independent specialist in information technology will be consulted to search further for any such evidence, but Hopkins officials are extremely hopeful that no information was breached.
Conversations with Mr. Mastracci, who is bound by attorney-client privilege, support the findings of the initial Hopkins investigation, which suggested that the equipment was stolen for its hardware value and not in pursuit of any identity theft.
Johns Hopkins sent notification letters last week to several thousand patients alerting them to the possibility of identity theft, and offering them free credit monitoring. Follow up information will be sent in letter form as quickly as possible once the internal and third party investigations are completed.
For the Media