In an email obtained by CSN Mid-Atlantic, NFLPA Executive Director DeMaurice Smith explains that a laptop containing thousands of NFL players' and prospective players' medical records has been stolen.
The records were on the laptop of a Redskins athletic trainer, which he left in the car, and the laptop was stolen.
The laptop contained the medical exam results of NFL combine attendees from 2004 to the present, as well as records from several Redskins players.
The memo also states, "We have also been advised that the backpack contained a zip drive and certain hard copy records of NFL Combine medical examinations as well as portions of current Redskins' player medical records. It is our understanding that our Electronic Monitoring System prevented the downloading of any player medical records held by the team from the new EMR system."
Smith writes that the NFLPA has consulted with the Department of Health and Human Services about the data breach and "continues to be briefed by the NFL on how they intend to deal with both the breach by club employee, the violation of NFL and NFLPA rules regarding the storage of personal data, and what the NFL intends to do with respect to notifying those who may be affected."
It is believed that many of those affected are not currently NFL players, but those who simply went to the NFL Combine and did not make a team.
Finding those prospective players to let them know their medical data have been breached could be a difficult task.
On Wednesday afternoon, the NFL responded to the matter, in an email sent to CSN Mid-Atlantic. "Once we became aware of the theft, we promptly worked with the club and the NFLPA to identify the scope of the issue," NFL Vice President of Communications Brian McCarthy said.
"The club is taking all appropriate steps to notify any person whose information is potentially at risk. As the NFLPA memo confirms, the theft of data involves information maintained by one club and no information maintained by any club on the NFL Electronic Medical Records system was compromised and the theft is entirely unrelated to that system.
All clubs have been directed to re-confirm that they have reviewed their internal data protection and privacy policies and that medical information is stored and transmitted on password-protected and encrypted devices; and that every person with access to medical information has reviewed and received training on the policies regarding the privacy and security of that information.
We are aware of no evidence that the thief obtained access to any information on the computer that was stolen nor aware that any information was made public."
The Redskins did not comment on the matter when asked at OTAs on Wednesday.