The New York Times is reporting this morning that an unnamed employee stole personal data on over 40,000 patients from NewYork-Presbyterian Hospital/Weill Cornell Medical Center. The theft “occurred over the past several years and included patients’ names, phone numbers and Social Security numbers.” As we’ve come to grimly expect in these cases, the hospital was made aware of the theft in January, and announced it publicly on Friday after an internal audit. “We obviously deeply regret that this has happened,” said the hospital’s spokeswoman, Ms. Manners. She also said that investigators are “looking into the possibility that the theft could be part of a larger criminal scheme.”