Image of nurses' hands at computer keyboard

Thousands of people receiving long-term care in Michigan have had their personal information compromised due to a laptop and flash drive theft, the state’s Department of Community Health (MDCH) has announced.

The computer and flash drive belonged to an employee of the state’s Long-Term Care Ombudsman’s Office, and were stolen on Jan. 30 or 31, according to MDCH. The unencrypted flash drive contained personal information of more than 2,500 living and deceased individuals, and more than 1,500 records contained a Social Security or Medicaid identification number.

The data on the laptop was encrypted, MDCH said in an April 3 press release.

After being alerted to the Health Insurance Portability and Accountability Act breach on Feb. 3, investigators reconstructed the stolen data and notified affected parties, according to the community health department.

Authorities are working to tighten security procedures, said Nick Lyon, chief deputy director of the MDCH. This includes additional training on the use of portable electronic devices for the workers at the Ombudsman’s Office.

The state agencies involved in the matter are providing credit monitoring for the people whose Social Security or Medicaid number was stolen.

In January, a federal judge ruled that individuals cannot invoke HIPAA to sue healthcare providers when their personal information is compromised due to a laptop theft.