Laptop Stolen From Car Leads to Breach133,000 Notified of Oklahoma Birth Defects Registry Breach
The unencrypted laptop, stolen from an employee's car April 6, contained a database related to the Oklahoma Birth Defects Registry. The laptop was used to record data from hospital medical records. Personal information on the laptop included the names of parents and children, plus birthdates, mailing addresses, Social Security numbers, medical record information, and lab and test results. The laptop included information on nearly 35,000 children with birth defects.
Also stolen were 50 paper files containing abstracted medical information. The state agency is working with law enforcement authorities on the investigation of the theft.
The department is offering free identity protection services to those affected. "We are reviewing our administrative policies to strengthen safeguards to better protect the confidentiality of the data we collect," State Health Commissioner Terry Cline said in a website statement. "We recognize our obligation to make any changes that will ensure a similar incident cannot happen again."
The Oklahoma Birth Defects Registry provides statewide surveillance of birth defects to reduce the prevalence of birth defects through prevention education, monitoring trends and analyzing data.
Under the HITECH Act breach notification rule, breaches that affect 500 or more individuals must be reported to the Department of Health and Human Services' Office for Civil Rights within 60 days. As of Wednesday, the Oklahoma breach was not yet included on OCR's list of major health information breaches.