NIH researcher loses laptop with data on 2,500 patients

The National Heart, Lung and Blood Institute has strengthened its data protection policies and enforcement of those policies in the wake of the theft of a laptop computer containing unencrypted information on about 2,500 patients enrolled in a clinical research project.

The laptop was stolen in February from the locked car trunk of a researcher employed by the institute, which is part of the National Institutes of Health. According to a statement by the institute’s director, NIH information technology officials believe it’s unlikely that the patients will be victims of identity theft or financial loss.

The lost files held names, birth dates, hospital medical record numbers and data from magnetic resonance imaging of the patients’ hearts, said Dr. Elizabeth Nabel, director of the National Health Lung and Blood Institute. The laptop was turned off and password-protected, but the institute acknowledged that protection could be insufficient.

“The laptop contained no additional medical information on participants beyond the MRI reports and no additional information such as Social Security numbers, addresses, phone numbers or any financial information,” Nabel’s statement said.

The institute notified patients of the potential breach in a letter sent by overnight delivery last week, nearly three weeks after the loss of the laptop.

As a result of the loss, Nabel said, the institute is now requiring that all its laptops be encrypted, in accordance with policies of the Office of Management and Budget and the Department of Health and Human Services, NIH’s parent agency. NIH Center for Information Technology staff members are inspecting each researcher’s laptop to ensure it has encryption software installed.

“We have also emphasized that NHLBI staff are never to keep patient names, other identifying information, or identifiable medical information on a laptop computer,” Nabel’s statement said.

“When volunteers enroll in a clinical study, they place great trust in the researchers and study staff, expecting them to act both responsibly and ethically,” she said. “We at the NHLBI take that trust very seriously and we deeply regret that this incident may cause those who have participated in one of our studies to feel that we have violated that trust.” Nabel said.

About the Author

Nancy Ferris is senior editor of Government Health IT.


  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.