RIVERSIDE COUNTY, CA. – An unencrypted laptop computer that was reported missing from Riverside County Regional Medical Center (RCRMC) in late September might have contained the personal information of patients who received rehabilitation services there between Feb. 1, 2013 and Sept. 18. 2014, hospital officials said this week.
RCRMC's chief compliance officer, Jan Remm, said that after a department manager at the Moreno Valley-based hospital reported the laptop missing on September 25, 2014, the hospital immediately notified law enforcement and began a thorough internal investigation.
Remm said computer forensic experts determined the information of approximately 7,313 patients might have been stored on the laptop. The information includes differing amounts of patient information, including names, addresses, birth dates and, in some instances, social security numbers and health-plan policy numbers. Limited clinical information, such as diagnoses, also might have been present.
Remm said the hospital is in the process of mailing letters to inform affected patients about the data breach.
Hospital officials encourage patients concerned about personal information to closely monitor their credit reports by calling 1-877-322-8228 to request a free annual report from the three U.S. credit reporting agencies – Equifax, Experian and TransUnion. The report also may be requested online at www.annualcreditreport.com
"Protecting the privacy of patients is a commitment and top priority at RCRMC," Remm said. "We have already initiated several measures – including the encryption of all our computing devices – to strengthen our safeguards on patient information and protect patient privacy."
Patients who have questions or concerns about whether their information was stored on the laptop are encouraged to contact the RCRMC confidential assistance line staffed with professionals familiar with this incident. The confidential assistance line is available Monday through Friday 6:00 a.m. to 4:00 p.m., PST at (866) 317-7301.