[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Stolen Hopkins computer is returned


By Chris Emery
Sun reporter
September 4, 2007 

A stolen computer containing the personal records of 5,783 patients with 
cancer was returned to Johns Hopkins Hospital over the weekend, a 
hospital spokesman said.

The computer was given to Johns Hopkins security personnel on Sunday 
afternoon by Michael Mastracci, a Baltimore lawyer who says he learned 
of its whereabouts from a client and arranged to have it turned over to 

An initial investigation suggests the data on the computer, which 
includes patients' names, Social Security numbers, birth dates, medical 
histories and other personal information, was not compromised, Hopkins 
officials said. Inspection of the computer after it was returned 
indicated it was probably never turned on after it was stolen and found 
no evidence anyone sought or gained access to the database information 
on the computer's hard drive, officials said.

"We are still investigating and will quickly bring in an independent 
information technology forensic expert to examine the computer and 
address our preliminary findings, but we think we will be able, upon 
independent verification, to assure our patients that their personal 
information is, with high probability, safe," said Ronald R. Peterson, 
president of the Johns Hopkins Hospital and Health System. "We 
understand our patients' concerns, and we do believe that there is far 
less need for them to worry at this point."

Mastracci said he was bound by attorney-client privilege and could not 
elaborate on how he received the computer on Sunday.

The desktop computer was stolen from an "administrative work area" in a 
building on Johns Hopkins' main campus on the night of July 15 along 
with a laptop computer and projector. The computer was connected to a 
desk with a steel cable at the time, but the patient data on its hard 
drive was not encrypted, which raised concerns the information could be 
accessed and used for identity theft.

Based on video surveillance, authorities issued criminal summonses for a 
Hopkins employee and an employee of an on-site vendor, Hopkins officials 
said. Hopkins sent notification letters on Aug. 24 to patients whose 
personal information was on the computer.

Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today!