Stolen laptop held personal data on nearly 3,000 Northwestern Memorial patients

A major Chicago health care system has apologized to nearly 3,000 patients whose personal information was on an unencrypted laptop that was stolen in October.

Northwestern Memorial Healthcare started mailing letters Friday to affected patients and promised to take steps to enhance security. The system operates the flagship academic medical center Northwestern Memorial Hospital, Northwestern Lake Forest Hospital and Northwestern Medical Group.

The laptop was inside an employee's vehicle that was stolen Oct. 21, the hospital system said in a statement. The laptop was password-protected, but not encrypted. Officials said they are cooperating with law enforcement, and that they have no knowledge of whether the stolen patient data had been misused.

An outside forensics company hired by the hospital system determined the laptop may have contained patients' names, addresses, dates of birth, health insurance information and other information, including Social Security numbers. The laptop did not include credit card or bank account information, Northwestern said.

Northwestern is making sure all its laptops are encrypted to prevent future breaches and "reinforcing education" with staff "on the importance of handling patients' information securely," the statement said.

"We are deeply sorry for the inconvenience to affected patients," Northwestern said.

The health care system set up a call center to answer patient questions, posting the number on its website: Patients can call 888-266-9276, Monday through Friday, from 8 a.m. to 8 p.m. Central.

Northwestern spokeswoman Kris Lathan said Saturday the health system wasn't providing additional information beyond its initial statement.