When he saw weekend news reports that a computer containing the personal records of 5,783 cancer patients had been stolen from Johns Hopkins Hospital, attorney Michael Mastracci knew exactly where to find it.
"I knew about it weeks ago," he said of the computer. "Before I saw the news, I didn't know what was on the computer. But when I saw the stories, I knew immediately that that was the computer I'd heard about. "
By early Sunday afternoon, he had arranged to have the computer brought to his Catonsville law office. He called The Sun, which had reported the theft Saturday, to find out whom to contact at Hopkins to return the hottest desktop in town.
"I have access to that computer, and I can put it in the university's hands," Mastracci told a reporter. "I am anxious to return it to those souls who feel violated."
Hopkins officials reclaimed the computer that afternoon. Yesterday, they confirmed that it was the machine they were looking for and that none of the patients' personal records appeared to have been accessed for use in identity theft.
Mastracci said he first learned of the missing computer three weeks after it was stolen July 15 from an administrative building on Hopkins' main campus.
A person whom Mastracci declined to name, based on attorney-client privilege, contacted him for legal advice on returning the missing computer to Hopkins.
"It was not stolen with the knowledge that there was a big patient database on it and that that could be sold for money," Mastracci said.
Mastracci met with the person who contacted him, recommending that the computer be returned as quickly as possible. Initially, the lawyer said, the plan was to have a private investigation firm return the machine on behalf of his client. But the client needed time to raise money to pay the firm.
Meanwhile, Hopkins security officials and city police were searching for the missing computer.
Hopkins officials completed a police report Aug. 2 and sent out letters Aug. 24 notifying the patients and their families of the security breach. The letter said their Social Security numbers, birth dates, medical histories and other personal information were on the missing desktop.
The patients' records were part of a tumor registry database required by state law. The computer was password protected, but the records were not encrypted or password protected.
