Mann-Grandstaff VA Medical Center Data Breach (2017)

A decommissioned laptop computer previously used by the Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane, WA, has been discovered to be missing, potentially resulting in the exposure of sensitive patient data. The laptop was paired with a hematology analyzer and stored data related to hematology tests. The laptop was in use between April 2013 and May 2016, but was decommissioned when the device became unusable. The laptop, which had been supplied by a vendor, was replaced; however, an equipment inventory revealed the device to be missing. The device should have been returned to the vendor, although the vendor has no record of the laptop ever being recalled from MGVAMC. An inventory of equipment at the MGVAMC lab determined the device was missing. A full search of the medical center was conducted but the laptop could not be located. It was not possible to tell exactly what information had been stored on the device, or the exact number of patients whose protected health information may have been exposed. MGVAMC concluded all patients who submitted samples for hematology tests during the dates that the laptop was in use potentially had data exposed. The types of information stored on the device would have included names, dates of birth, and Social Security numbers according to a statement issued by MGVAMC. 3,275 patients have potentially been impacted and have been notified of the possible breach. Where applicable, patients will be offered credit monitoring and identity theft protection services.