For the second time in less than a year, Oregon Health and Science University has suffered a major data breach, the facility announced this week. The breach occurred when an unencrypted laptop containing information for 4,022 patients was stolen from an OHSU surgeon's vacation rental home in Hawaii in late February.
The announcement from OHSU states that the desktop and documents folder did not contain any sensitive data, and the patient information was within the email program. Mostly, it was daily surgery schedules emailed to surgeons scheduled to operate between late 2012 through late February 2013, but it also included patient names, medical record numbers, type of surgery (along with date, time and location), gender, age, name of the surgeon and name of the anesthesiologist.
Nine of the approximately 5,000 emails stored on the laptop contained social security numbers; those patients will receive free identity theft monitoring, the announcement states.
"At the time of this incident, encryption was required only for laptops used for patient care," the announcement states. "Because the laptop in question was purchased and used for research purposes, it was not encrypted."
Last August, 14,000 patients treated at OHSU had their information put at risk when a USB drive was stolen during a burglary of a hospital employee's home.
The breach marks the third reported this week. As FierceHealthIT reported yesterday, 2,600 medical appointment records slated for shredding disappeared from Granger Medical Clinic in Utah. And at the University of Mississippi Medical Center, a shared password-protected laptop containing names, addresses, dates of birth, diagnoses and treatments is missing.
To learn more:
- read the announcement from OHSU
Data breaches hit hospitals in two states
New year, same old health data breaches
Adopting best practices key to data security, HHS officials say
Data security, infrastructure upgrades among top CIO priorities for 2013