FBI Investigating Theft of 10 Hospital Computers

The theft could affect Medicare and Medicaid patient records in eight states, according to Hospital Corporation of America.

In the latest episode of stolen computers and compromised personal records, Hospital Corporation of America reported on Aug. 18 that 10 computers had been stolen from one of the health care providers regional offices.

The computers "held thousands of files listing unpaid bills from Medicare and Medicaid patients" who had treatment at hospitals managed by the company in eight states, HCA said in a statement on its Web site.

HCA is conducting an internal review of the break-in, and local law enforcement and the FBI have started a criminal investigation.

With $24.5 billion in revenue in 2005, Nashville, Tenn.-based HCA is one of the countrys largest health care providers. The company manages 182 hospitals and 94 outpatient surgery facilities in 22 states.

The thefts were the latest in a number of public disclosures about missing or stolen computers and the compromising of personal information and identities.

On Aug. 10, the federal Department of Transportation announced that a single laptop containing the names, addresses and social security of some 133,000 Florida residents was stolen.

The most well-known of the thefts involved a laptop taken from the home of a Department of Veterans Affairs employee.

/zimages/1/28571.gifClick here to read more about the arrest of two men in connection with the stolen VA laptop.

In its statement, HCA offered few specifics about the theft or the exact location of the office where the computers were stored. A spokesperson for HCA could not immediately be reached for comment.

The thefts may have be linked to other thefts in the same area where the regional office is located, HCA said in its statement.

The computers contained records that the company had to keep for government reports. The computers were located in a "secured building, protected by keypad lock technology and video surveillance," which required a password for access, the company said.

The thefts affected Medicare and Medicaid patients who had not paid their co-pay or deductible. The data on the computers held records from 1996 to 2006 and involved patients at hospitals in Colorado, Kansas, Louisiana, Mississippi, Oklahoma, Oregon, Texas and Washington.

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.