Patients notified after resident doctors store their data on Google

Share this article:
Patients notified after resident doctors store their data on Google
Patients notified after resident doctors store their data on Google

Portland-based Oregon Health & Science University (OSHU) notified more than 3,000 patients that their information had been stored in an unauthorized cloud service.

How many victims? 3,044 patients admitted between January 2011 and July 2013.

What type of personal information? Names, medical record numbers, dates of service, ages, provider's names and diagnoses/prognoses. An address was included for 731 patients.

What happened? Resident physicians in the division of plastic and reconstructive surgery were using Google Drive and Mail to maintain a spreadsheet of patients. Google is not approved to store OSHU patient data.

What was the response? OSHU security experts began an investigation to determine what information was stored on the cloud service, which patients were impacted and whether disclosure of the information could cause harm to patients. Affected patients and law enforcement were notified, all information found on the cloud service was removed and residents were re-educated on privacy protocols.  

Quote: “We do not believe this incident will result in identity theft or financial harm; however, in the interest of patient security and transparency and our obligation to report unauthorized access to personal health information to federal agencies, we are contacting all affected patients," said OHSU Chief Information Security Officer John Rasmussen. "We sincerely apologize for any inconvenience or worry this may cause our patients or their families."

Source: ohsu.edu, “OHSU notifies patients of ‘cloud' health information storage,” July 28, 2013.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

POS malware infections at two OTTO pizzeria locations in Maine

About 900 customers at two OTTO pizzeria locations in Portland, Maine, had payment card data compromised after POS malware was discovered on terminals.

Los Angeles-based health system breached; more than 500 patients affected

Personal information on more than 500 Cedars-Sinai Health System patients was compromised after a laptop was stolen from an employee's home.

Hackers breach social network MeetMe

Hackers took advantage of a vulnerability and were able to access information on an undisclosed number of MeetMe users.