August 03, 2012

Thumb drive with data on 14k hospital patients stolen

A USB drive with data on thousands of patients of Oregon Health & Science University (OHSU) in Portland was stolen from the home of an employee on July 4 or 5.

How many victims? 14,300, including 702 pediatric patients and around 200 employees of the facility.

What type of personal information? Names, dates of birth, phone numbers, addresses, medical record numbers and descriptions of patients' medical conditions. The information of staff on the device included names, Social Security numbers, addresses and employment-related vaccination records.

What happened? An employee accidentally took home the thumb drive in his briefcase, which was subsequently stolen, along with other items, during a home invasion.

What was the response? OHSU released an announcement stating that letters went out to "a limited number of premature pediatric patients who were screened for vision issues." It said the device was password-protected, but did not say if it was encrypted. However, the facility stated it is developing further methods to ensure USB drives are encrypted. A toll-free number to respond to patient questions has been set up.

Quote: "It's likely that the USB drive was never the target," said Ron Marcum, OHSU's interim chief corporate integrity officer..

Source: Becker's Hospital Review, "Data Breach Affects More Than 14k Oregon Health & Science University Patients," Aug. 1, 2012


Previous Post
Next Post
Related Articles
Related Topics
Related Links
close

Next Article in The Data Breach Blog

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.