Stolen Laptops Lead Breach Roundup

Two Healthcare Organizations Report Thefts
Stolen Laptops Lead Breach Roundup

In this week's breach roundup, two healthcare organizations reported breaches involving stolen unencrypted laptops. Stolen laptops are a common cause of major health information breaches, according to a federal tally (see: Breach Tally: Encryption Still an Issue).

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

Laptop Theft Affects 4,000 Patients

Oregon Health & Science University in Portland is notifying approximately 4,000 patients about a breach after an unencrypted laptop was stolen from a surgeon's vacation rental home in Hawaii in late February.

The patient information on the laptop was located exclusively within the e-mail program, according to a notice on the organization's website. The information was contained within daily surgery schedules that are e-mailed to surgeons.

Information on the laptop included patient names, genders and age; medical record numbers; type of surgery; surgery dates, time and locations; and name of the surgeon and anesthesiologist.

A small number of the e-mails stored Social Security numbers for nine patients. Those individuals are being offered free identity theft monitoring.

At the time of the incident, encryption was required only for laptops used for patient care. "Because the laptop in question was purchased and used for research purposes, it was not encrypted," the website notice says.

Breach Involves a Shared Laptop

The University of Mississippi Medical Center in Jackson reports that an unencrypted laptop shared by several clinicians was stolen from a patient-care area.

The medical center is not disclosing the number of patients affected. "In this case, due to insufficient contact information for those who may be affected, individual notifications are not possible," according to a website notice.

Officials learned of the breach on Jan. 22, the notice says. The laptop contained health and personal information about an undisclosed number of adult patients seen between 2008 and January 2013. Information on the laptop may include names, addresses, dates of birth, Social Security numbers, diagnoses, medications, treatments and other clinical information.

The medical center says it hasn't received any notifications regarding misuse of protected health information as a result of the breach.

Paper Records Reported Missing

Granger Medical Clinic, in West Valley City, Utah, is notifying patients of a possible breach after 2,600 paper medical appointment records scheduled for shredding went missing.

The records, printed from an electronic scheduling database and discovered to be missing Jan. 22, included patient names, dates and times of the appointments, and the reason for their visit, according to The Salt Lake Tribune.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.