Breach of Limited Patient and Research Study Subject Information
October 9, 2015
SUBJECT: Data Breach
In accordance with applicable laws, we are issuing the following notice related to the breach of limited patient and research study subject information due to the theft of a physician laptop. We have no reason to believe at this time that the information has been or will be misused.
On Aug. 10, a Johns Hopkins physician’s suitcase was stolen at an international airport, and a report was filed on that date with local authorities. The suitcase included an unencrypted laptop containing limited information about 571 patients with cancer seen at The Johns Hopkins Hospital between 2006 and 2014 and about 267 people who participated in a research study on a rare genetic disorder between 2008 and 2015.
The information in question did not contain billing or financial information, Social Security numbers, or medical record contents. Johns Hopkins is reaching out to the individuals whose data were on the stolen laptop.
Patient data on the stolen laptop was limited to the patient names, the dates seen at The Johns Hopkins Hospital, the names of patients’ physicians, one- to three-word diagnoses and medical record numbers—but not their contents—of the patients with cancer. For study participants, the information included patient names, study identification numbers and, for subsets, dates of birth, addresses, referring physicians’ names and comments on the disorder stated in technical terms.
Johns Hopkins has a policy that requires password protection and encryption on all devices. It is taking steps to reinforce data encryption requirements throughout the organization.
If you think you may fall within the category of patient or study subject identified above and have questions or concerns, please call 1-877-893-2643.
Johns Hopkins sincerely regrets any concern this incident may cause.