Stolen Laptops Lead Breach Roundup
Two Healthcare Organizations Report Thefts
In this week's breach roundup, two healthcare organizations reported breaches involving stolen unencrypted laptops. Stolen laptops are a common cause of major health information breaches, according to a federal tally (see: Breach Tally: Encryption Still an Issue).
Laptop Theft Affects 4,000 Patients
Oregon Health & Science University in Portland is notifying approximately 4,000 patients about a breach after an unencrypted laptop was stolen from a surgeon's vacation rental home in Hawaii in late February.
The patient information on the laptop was located exclusively within the e-mail program, according to a notice on the organization's website. The information was contained within daily surgery schedules that are e-mailed to surgeons.
Information on the laptop included patient names, genders and ages; medical record numbers; types of surgery; surgery dates, times and locations; and the names of the surgeon and anesthesiologist.
A small number of the e-mails stored Social Security numbers for nine patients. Those individuals are being offered free identity theft monitoring.
At the time of the incident, encryption was required only for laptops used for patient care. "Because the laptop in question was purchased and used for research purposes, it was not encrypted," the website notice says.
Breach Involves a Shared Laptop
The University of Mississippi Medical Center in Jackson reports that an unencrypted laptop shared by several clinicians was stolen from a patient-care area.
The medical center is not disclosing the number of patients affected. "In this case, due to insufficient contact information for those who may be affected, individual notifications are not possible," according to a website notice.
Officials learned of the breach on Jan. 22, the notice says. The laptop contained health and personal information about an undisclosed number of adult patients seen between 2008 and January 2013. Information on the laptop may include names, addresses, dates of birth, Social Security numbers, diagnoses, medications, treatments and other clinical information.
The medical center says it hasn't received any notifications regarding misuse of protected health information as a result of the breach.
Paper Records Reported Missing
Granger Medical Clinic, in West Valley City, Utah, is notifying patients of a possible breach after 2,600 paper medical appointment records scheduled for shredding went missing.
The records, printed from an electronic scheduling database and discovered to be missing Jan. 22, included patient names, dates and times of the appointments, and the reason for their visit, according to The Salt Lake Tribune.