Stanford, Oregon University Hospitals Face Security Breach; Patients’ Data Exposed Through Device Theft/Loss
Approximately 2,500 patients of Stanford Hospital & Clinics and the Stanford University School of Medicine may have seen their personal data exposed after a physician’s password-protected laptop was stolen July 15 or 16, as reported by cmio.net.
“University officials stressed that based on tracking software installed on the computer, there is no evidence that the private information has been accessed and that they are notifying the affected patients as a precaution,” writes Robert Salonga for mercurynews.com.
This incident follows last year’s privacy intrusion at Stanford Hospital which saw some 20,000 emergency room patients’ data posted on a commercial site.
The Oregon Health & Science University Hospital in Portland has had its own share of patient data privacy trouble as it appears a stolen USB drive may have allowed unauthorized access to info on 14,000 patients and 200 employees.
It appears that the breach was due to an employee inadvertently taking the USB home in a briefcase that was stolen from his home along with other items.
“The incident does not impact all OHSU patients, but affects a limited number of premature pediatric patients who were screened for vision issues. In the vast majority of cases, the data is very limited in scope. None of the patient data is the kind of information typically used for identity theft,” reads the press release on this incident.
As in the case of the Stanford breach, officials suspect the stolen data has not actually been accessed, so patients are informed of the incident as a precaution only. “It’s likely that the USB drive was never the target. In fact, other computer equipment in the home was left untouched. Nevertheless, based on our investigation, we are contacting families because we think it’s the right thing to do. We are also reporting the theft to the federal office that manages health information privacy and a police report was filed,” said Ron Marcum, M.D., interim chief corporate integrity officer in the OHSU Integrity Office.