In an email to CSN Mid-Atlantic on Wednesday afternoon, NFLPA Executive Director DeMaurice Smith explained that a laptop stolen from a Redskins trainer in April contained thousands of confidential medical records pertaining to NFL players and NFL Combine attendees.
The NFLPA consulted with the Department of Health and Human Services about the data breach and continues to be briefed by the NFL on how this happened and how the league intends to deal with the matter.
Following the completion of OTAs on Wednesday, the Redskins released a statement regarding the incident.
"The Washington Redskins can confirm that a theft occurred mid-morning on April 15 in downtown Indianapolis, where a thief broke through the window of an athletic trainer’s locked car," the official statement read.
"No social security numbers, Protected Health Information (PHI) under HIPAA, or financial information were stolen or are at risk of exposure."
"The laptop was password-protected but unencrypted, but we have no reason to believe the laptop password was compromised. The NFL’s electronic medical records system was not impacted.
The team immediately notified local law enforcement of the theft and has cooperated with its investigation. The team is working with the NFL and NFLPA to locate and notify players who may have been impacted. The team is also taking steps to prevent future incidents of this nature, including by encrypting all laptops issued to athletic trainers and other team personnel and through enhanced security training.”
Many of the records contained in the drive are thought to belong to players involved in the NFL Combine and not necessarily on NFL teams, which may make contacting those players a difficult task.