While some of the data was password protected, the majority of the information was not. Officials at the medical center do not believe that any identity theft has occurred but have informed patients of the breach. The theft of the laptop occurred in August and the medical center began alerting patients whose data may have been compromised late last week. The incident highlights an important policy lesson for organizations. Laptops and flash drives are small and easy to steal. Employees must be held accountable for the devices and any data on those devices needs to be encrypted to mitigate damage when the device is stolen.