HealthTexas Provider Network, a subsidiary of the Dallas-based Baylor Health Care System, is notifying about 7,400 patients of the potential compromise of their Social Security Numbers (SSNs) and other personal information after a laptop containing the data was stolen in September.

It is also contacting an additional 100,000 people whose records on the laptop contained a "limited amount" of health information -- though not SSNs, Baylor said in a statement Tuesday.

The laptop was left overnight by an employee in her car, from which it was stolen sometime in mid-September. The computer was used mainly for administrative purposes and therefore did not contain comprehensive patient histories, Baylor said. The employee from whom the laptop was stolen has been fired, a Baylor spokeswoman added Wednesday.

Individuals whose SSNs were compromised in the incident will receive a year's worth of free credit monitoring, the spokeswoman said.

Ironically, the theft comes as Baylor is rolling out new technology aimed at helping it track laptops and remotely erase sensitive information on them in the event of a loss or theft.

The incident highlights yet again why security analysts have for a long time now advocated the use of encryption or other measures for protecting sensitive data on laptops and other mobile devices.

Privacy Rights Clearinghouse which maintains a data breach log lists dozens of incidents this year involving data compromises stemming from lost laptops, PCs and storage devices.

For example, the National Heart, Lung and Blood Institute (NHLBI) in March disclosed that a laptop containing sensitive data on about 2,500 individuals had been stolen. In another incident the same month, Agilent Technologies Inc. disclosed the theft of a laptop containing confidential information on more than 50,000 current and former employees.

In January, Horizon Blue Cross Blue Shield of New Jersey and Georgetown University, both announced data compromises resulting from the loss of a laptop and a storage device, respectively. In Horizon's case, the stolen laptop contained sensitive data on 300,000 people. A security feature on the stolen computer later erased that data.

In the Georgetown University incident, the stolen disk contained personal data on about 38,000 current and former students, faculty members and staffers.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.