Patients notified after resident doctors store their data on Google

Share this article:
Patients notified after resident doctors store their data on Google
Patients notified after resident doctors store their data on Google

Portland-based Oregon Health & Science University (OSHU) notified more than 3,000 patients that their information had been stored in an unauthorized cloud service.

How many victims? 3,044 patients admitted between January 2011 and July 2013.

What type of personal information? Names, medical record numbers, dates of service, ages, provider's names and diagnoses/prognoses. An address was included for 731 patients.

What happened? Resident physicians in the division of plastic and reconstructive surgery were using Google Drive and Mail to maintain a spreadsheet of patients. Google is not approved to store OSHU patient data.

What was the response? OSHU security experts began an investigation to determine what information was stored on the cloud service, which patients were impacted and whether disclosure of the information could cause harm to patients. Affected patients and law enforcement were notified, all information found on the cloud service was removed and residents were re-educated on privacy protocols.  

Quote: “We do not believe this incident will result in identity theft or financial harm; however, in the interest of patient security and transparency and our obligation to report unauthorized access to personal health information to federal agencies, we are contacting all affected patients," said OHSU Chief Information Security Officer John Rasmussen. "We sincerely apologize for any inconvenience or worry this may cause our patients or their families."

Source: ohsu.edu, “OHSU notifies patients of ‘cloud' health information storage,” July 28, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.