An unencrypted desktop computer containing personal information on 3,780 patients was stolen during a break-in at a Temple University physicians' office in late July, the university said in a statement Thursday.
The computer, in the department of surgery, contained files with patient information that could be used for identity theft, including name, age, billing codes, and, in some cases, the name of the referring physician. The files did not contain Social Security numbers or financial data, according to the university.
It said the theft was promptly reported to police, to appropriate authorities at the U.S. Department of Health and Human Services, and to the affected patients.
"To help monitor the potential misuse of the stolen information, Temple has offered identity-monitoring services within the United States to all affected patients for 12 months, at no cost to them," the statement said. "We deeply regret this incident and the inconvenience this may have caused our patients."
Temple said it had taken steps to prevent such a theft in the future, including reeducating employees about precautions, increasing physical surveillance, and improving security measures for desktop computers.
The data breach was the second involving a health system reported in less than a month.
Community Health Systems, which includes 20 hospitals in Pennsylvania and one in South Jersey, said three weeks ago that personal data belonging to 4.5 million patients had been stolen between April and June by computer hackers traced to China.
Those records included patient names, addresses, birth dates, and telephone and Social Security numbers, but not credit-card or medical information, the Tennessee-based health system, one of the largest in the country, reported to the federal government.
That attack was believed to be the second largest of its type involving patient information since 2009, when the U.S. Department of Health and Human Services began tracking such breaches.
Last December, the University of Pennsylvania Health System announced that some patients' privacy was accidentally breached because of misprinted bills.
More than 500 erroneous statements, affecting more than 1,000 patients, were mailed out that month by one of Penn's billing vendors, RevSpring of Wixom, Mich., the university said. As a result, some patients received bills containing both their own correct information and an unrelated patient's information on the reverse side.