Second Big Breach for Oregon Health

Oregon Health & Sciences University is notifying 4,022 patients of a data breach following the theft of a physician’s laptop computer in February.


Oregon Health & Sciences University is notifying 4,022 patients of a data breach following the theft of a physician’s laptop computer in February.

The incident is the second major data breach in recent months for OHSU. In July 2012, an unencrypted USB drive containing patient data was stolen from an employee’s home during a burglary. The USB contained information on more than 14,000 patients and about 200 employees, with sensitive information on 702 patients, which is the number on the HHS Office for Civil Rights’ list of major breaches, now totaling 556 breaches since September 2009.

The new breach involves a laptop stolen from a surgeon’s vacation rental home in Hawaii, according to the university. Patient information was in the e-mail program;  daily surgery schedules are e-mailed to surgeons. Information in the schedules included patient name, medical record number, type of surgery, gender, age, surgeon and anesthesiologist names, and surgery dates, times and locations. The Social Security numbers of nine patients were in other e-mails and the patients have been offered identify theft protection services.

OHSU requires all laptops used for patient care to be encrypted. “Because the laptop in question was purchased and used for research purposes, it was not encrypted,” according to a university statement. “Although the physician wrote and received e-mails that related to patient care on the laptop, he believed these emails were housed on the OHSU email network--which is secure. However, as is the case with many e-mail programs; recent e-mails are stored on the computer’s hard drive. In an effort to prevent similar issues in the future, OHSU recently enacted even more stringent encryption requirements.”

What that means, according to a spokesperson, is that any computer that can be used to access patient information now must be encrypted.

More for you

Loading data for hdm_tax_topic #reducing-cost...