Yale Laptop Theft Exposes 1,000 Health Records

  • By Dian Schaffhauser
  • 09/03/10

Yale School of Medicine notified about 1,000 people whose clinical health information was contained on a laptop computer that was recently stolen from the school. The computer contained no Social Security, financial, or insurance data. So far there has been no indication that personal information on the computer has been misused. However, the Health Insurance Portability and Accountability Act requires that organizations working under the HIPAA regulations take actions to reduce any harmful effects caused by the disclosure of protected health information.

The university has been working with the New Haven Police Department to pursue leads in the theft, which took place on the night of July 28. As of this writing, the computer hadn't been recovered. The machine was owned by Yale and stolen from the unlocked office of a data analyst at the school. While access to the stolen laptop was protected by a password, the laptop wasn't encrypted.

The dean of the school of medicine apologized for the security breach and introduced several security upgrades, including mandated HIPAA security training, compliance with strong password standards, and "whole disk encryption," among others.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • student reading a book with a brain, a protective hand, a computer monitor showing education icons, gears, and leaves

    4 Steps to Responsible AI Implementation

    Researchers at the University of Kansas Center for Innovation, Design & Digital Learning (CIDDL) have published a new framework for the responsible implementation of artificial intelligence at all levels of education.

  • glowing digital brain interacts with an open book, with stacks of books beside it

    Federal Court Rules AI Training with Copyrighted Books Fair Use

    A federal judge ruled this week that artificial intelligence company Anthropic did not violate copyright law when it used copyrighted books to train its Claude chatbot without author consent, but ordered the company to face trial on allegations it used pirated versions of the books.

  • server racks, a human head with a microchip, data pipes, cloud storage, and analytical symbols

    OpenAI, Oracle Expand AI Infrastructure Partnership

    OpenAI and Oracle have announced they will develop an additional 4.5 gigawatts of data center capacity, expanding their artificial intelligence infrastructure partnership as part of the Stargate Project, a joint venture among OpenAI, Oracle, and Japan's SoftBank Group that aims to deploy 10 gigawatts of computing capacity over four years.

  • laptop displaying a phishing email icon inside a browser window on the screen

    Phishing Campaign Targets ED Grant Portal

    Threat researchers at cybersecurity company BforeAI have identified a phishing campaign spoofing the U.S. Department of Education's G5 grant management portal.