The Chicago-based company Accretive Health agreed to a settlement with the Federal Trade Commission after a data breach in 2011 left more than 23,000 patients open to identity theft. The settlement doesn’t include any financial penalties. Instead the company has to add new levels of security to its systems to better protect patient information. Accretive Health’s systems also have to undergo a security review every two years. The terms of the settlement will be active for the next twenty years. The breach happened in June 2011 when someone stole an unencrypted laptop from an Accretive Health employee’s car. Gov Info Security reports it had social security numbers, names, dates of birth, billing information, and medical diagnoses of more than 23,000 people.