something Dynamic Security would have prevented

Second Maryland hospital in a week discloses breach

A laptop with data on 130,000 patients was stolen in December

Jaikumar Vijayan   

 February 15, 2007 (Computerworld) -- St. Mary's Hospital in Leonardtown, Md., has become the second hospital in the state over the last week to disclose that it has sent letters to tens of thousands of individuals warning them of the potential compromise of their personal data.

The warning, sent out in late January, was prompted by the theft in early December of a laptop computer containing the unencrypted names, Social Security numbers and birth dates of about 130,000 current and former patients of the hospital. The laptop did not, however, contain any patient information or financial data, the hospital said in a statement posted on its Web site.

No explanation was offered as to why it took St. Mary's so long after the breach was discovered to inform those affected. The hospital did not respond to numerous requests for comment.

Since the theft, St. Mary's has contracted with National ID Recovery LLC of Norcross, Ga., to assist those affected by it. The company has an "exceptional track record handling situations where identifying information has been compromised," St. Mary's said in its statement. The service is being provided free for those who take up the offer.

Last week, Johns Hopkins Institute said it was mailing letters to more than 52,000 current and former employees informing them that their personal data was at risk after backup tapes containing the information were misplaced by a courier.