Sensitive Medical Data of 2500 Patients Stolen
Private medical details of over 2,500 patients taking part in a study conducted by the National Institutes of Health have been stolen. The information was stored on a government laptop computer which was stolen in February. The data accounted for seven years of clinical trial, exposing names, medical diagnoses and details on patients’ heart scans. Although governmental policies enforce it, the stolen data was not encrypted.
It took NIH a month to reveal the theft and start notifying the patients whose sensitive records have been lost. According to the Washington Post, the reason behind NIH officials’ hesitation was their concerns they would cause false alarms.
Elizabeth G. Nabel, director of the National Heart, Lung and Blood Institute (NHLBI), said in a statement issued late Friday that “when volunteers enroll in a clinical study, they place great trust in the researchers and study staff, expecting them to act both responsibly and ethically.” She said that “we deeply regret that this incident may cause those who have participated in one of our studies to feel that we have violated that trust.”
NIH officials said the laptop was taken Feb. 23 from the locked trunk of a car driven by an NHLBI laboratory chief named Andrew Arai, who had taken his daughter to a swim meet in Montgomery County. They called it a random theft. Arai oversees the institute’s research program on cardiac magnetic resonance imaging and signed the letters to those whose data was exposed.
Given this recent data theft incident, government agencies should really take the findings of the Government Accountability Office regarding security more seriously and start implementing more effective security policies.
