WASHINGTON — A government laptop computer containing sensitive medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February, potentially exposing seven years' worth of clinical trial data, including names, medical diagnoses and details of the patients' heart scans.
The information was not encrypted, in violation of the government's data-security policy.
NIH officials made no public comment about the theft and did not send letters notifying the affected patients of the breach until Thursday.
Leslie Harris, executive director of the Center for Democracy & Technology, said, "If somebody does not want to share the fact that they're in a clinical trial or the fact they've got a heart disease, this is very, very serious."
NIH officials said the laptop was taken Feb. 23 from the locked trunk of a car driven by a laboratory chief at the National Heart, Lung and Blood Institute, who had taken his daughter to a swim meet in Montgomery County, Md. They called it a random theft.
The NIH Center for Information Technology determined that the theft posed "a low likelihood of identity fraud" or financial harm, officials said.