Oregon Health and Science University

Under Review: 
No Review
Date Breach Made Public: 
April 1, 2013
Portland , OR
United States
Oregon US
Records Breached: 

4,022 (Nine Social Security Numbers reported)

Breach Total Number: 
Year of Breach: 
Type of organization: 
Type of breach: 

The theft of a surgeon's unencrypted laptop resulted in the exposure of patient information.

UPDATE (07/6/2016): "The Department of Health and Human Services hit the University of Mississippi Medical Center (UMMC) with a $2.75 million fine over a health data breach, its second major privacy action in a week.

The HHS Office for Civil Rights (OCR) is penalizing UMMC for a series of alleged privacy and security violations of the Health Insurance Portability and Accountability Act, also known as HIPAA. The settlement relates to a password-protected laptop that went missing from the hospital’s intensive care unit in March 2013. After an investigation, the medical center determined the computer was likely stolen by a visitor who had asked to borrow it."

UPDATE (04/25/2013): The laptop was stolen from a surgeon's Hawaii rental home and was used for research purposes.  Any laptops used for patient care are required to be encrypted while laptops used for research are not required to be encrypted.  The laptop was used to access emails related to patient care such as patient names, medical record numbers, types of surgery and dates of surgery, times and locations of surgery, gender, age, and name of surgeon and anesthesiologist information. Nine patients had their Social Security numbers exposed.