By Chris Emery
September 4, 2007
A stolen computer containing the personal records of 5,783 patients with
cancer was returned to Johns Hopkins Hospital over the weekend, a
hospital spokesman said.
The computer was given to Johns Hopkins security personnel on Sunday
afternoon by Michael Mastracci, a Baltimore lawyer who says he learned
of its whereabouts from a client and arranged to have it turned over to
An initial investigation suggests the data on the computer, which
includes patients' names, Social Security numbers, birth dates, medical
histories and other personal information, was not compromised, Hopkins
officials said. Inspection of the computer after it was returned
indicated it was probably never turned on after it was stolen and found
no evidence anyone sought or gained access to the database information
on the computer's hard drive, officials said.
"We are still investigating and will quickly bring in an independent
information technology forensic expert to examine the computer and
address our preliminary findings, but we think we will be able, upon
independent verification, to assure our patients that their personal
information is, with high probability, safe," said Ronald R. Peterson,
president of the Johns Hopkins Hospital and Health System. "We
understand our patients' concerns, and we do believe that there is far
less need for them to worry at this point."
Mastracci said he was bound by attorney-client privilege and could not
elaborate on how he received the computer on Sunday.
The desktop computer was stolen from an "administrative work area" in a
building on Johns Hopkins' main campus on the night of July 15 along
with a laptop computer and projector. The computer was connected to a
desk with a steel cable at the time, but the patient data on its hard
drive was not encrypted, which raised concerns the information could be
accessed and used for identity theft.
Based on video surveillance, authorities issued criminal summonses for a
Hopkins employee and an employee of an on-site vendor, Hopkins officials
said. Hopkins sent notification letters on Aug. 24 to patients whose
personal information was on the computer.
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!