http://www.sciam.com/article.cfm?id=security-breach-lost-laptop

The federal government has repeatedly pledged to encrypt sensitive information, not to mention stop the practice of storing it on employee laptops, in the wake of several serious security breaches. But apparently it has yet to make good on its promises. The U.S. National Institutes of Health (NIH) confirmed Monday that a laptop containing unsecured information about 2,500 participants enrolled in a cardiac study by its National Heart, Lung, and Blood Institute (NHLBI) was stolen from the trunk of a researcher's car.
NHLBI director Elizabeth Nabel said in a statement that the theft did not occur on the NIH's Bethesda, Md., campus, but she did not provide any other details about the alleged crime. She said the purloined computer was issued to an employee (as opposed to a government contractor); it reportedly contained the names, birth dates and hospital medical record numbers of each participant as well as information gleaned about them from cardiac MRIs taken during the study conducted from 2001 to 2007.
The NHLBI Institutional Review Board (IRB)—an independent committee that oversees the conduct of research to protect the rights and welfare of study participants—decided on March 4 that study participants should be informed of the breach, but the panel did not approve a letter to be sent to them until March 20. (The letters were sent via overnight delivery the following day.) The NHLBI said it "immediately" reported the theft to Montgomery County, Md., police. The NHLBI did not respond to phone or e-mail requests for comment, but The Washington Post reported that the laptop was stolen February 23.