The Washington Redskins have confirmed that a laptop containing the medical records of thousands of NFL players was stolen from a team trainer's car in April.
According to the team, the laptop was password-protected but not encrypted – which would further help prevent unauthorized access.
"We have no reason to believe the laptop password was compromised," the statement issued Wednesday said. "The NFL's electronic medical records system was not impacted."
Also, "no Social Security numbers, protected health information ... under HIPAA, or financial information were stolen or are at risk of exposure," the Redskins stated.
Deadspin was the first to report the incident Wednesday.
The site obtained a Friday 27 letter from NFL Players Assn. Executive Director DeMaurice Smith to every team's player representative informing them that a backpack containing a laptop with copies of the medical exam results for NFL scouting combine attendees from 2004 through 2016 was stolen from the car of Redskins trainer in Indianapolis on April 15.
"The NFLPA has consulted with the U.S. Department of Health and Human Services regarding this matter," Smith stated in the letter. "The NFLPA also continues to be briefed by the NFL on how they intend to deal with both the breach by a club employee, the violation of NFL and NFLPA rules regarding the storage of personal data, and what the NFL intends to do with respect to notifying those who may be affected."
The NFLPA has declined to comment further on the matter
The NFL issued a statement Wednesday:
"Once we became aware of the theft, we promptly worked with the club and the NFLPA to identify the scope of the issue.
"The club is taking all appropriate steps to notify any person whose information is potentially at risk. As the NFLPA memo confirms, the theft of data involves information maintained by one club and no information maintained by any club on the NFL Electronic Medical Records system was compromised and the theft is entirely unrelated to that system.
"All clubs have been directed to re-confirm that they have reviewed their internal data protection and privacy policies and that medical information is stored and transmitted on password-protected and encrypted devices; and that every person with access to medical information has reviewed and received training on the policies regarding the privacy and security of that information.
"We are aware of no evidence that the thief obtained access to any information on the computer that was stolen nor aware that any information was made public."
In their statement, the Redskins said they have started encrypting all laptops issued to athletic trainers and other team personnel.
MORE NFL NEWS