The health system has contracted with an AIG member company to provide identity theft protection coverage for a year. Features of the coverage include expense reimbursement and services to help identity theft victims file affidavits with the U.S. Federal Trade Commission and notify affected creditors.

In a statement, an Emory spokeswoman said her company mailed letters on Dec. 20 to 36,000 patients alerting them of the incident. ERS provides cancer registry data processing services to Emory. Hospital data in the stolen computer was from Emory Hospital, Crawford Long Hospital and the Grady Memorial Hospital, the statement said.

"The registry information on the computer in question was double password-protected making it extremely difficult to access," the spokeswoman said in the statement. "This appears to be a random 'smash and grab' break-in and according to the local police investigator not a theft for purposes of stealing information off the computer."

ERS is withholding the names of the other two health care providers affected by the theft until they begin notifying patients about the compromise, a spokeswoman said.

News of the theft comes amid heightening concerns about privacy breaches involving health care data. Last September, the Government Accountability Office released a report showing that more than 40 percent of U.S. Medicare contractors and state Medicaid agencies experienced a security breach involving protected health information during the past two years. Similarly, 44 percent of Medicaid agencies, 42 percent of Medicare fee-for-service contractors and 38 percent of the contractors for the Tricare program reported similar breaches.