A press release from the Oklahoma State Department of Health, issued today:
The Oklahoma State Department of Health (OSDH) is notifying nearly 133,000 individuals that their names and some personal information may have been contained on an agency laptop computer that was stolen from an OSDH employee’s car last week.
A database related to the Oklahoma Birth Defects Registry was on the computer. The Oklahoma Birth Defects Registry provides statewide surveillance of birth defects to reduce the prevalence of birth defects through prevention education, monitoring trends and analyzing data. The laptop was used to record data from hospital medical records. An additional 50 paper files containing abstracted medical information were also taken in the theft.
“We are mindful that Oklahoma’s citizens trust the OSDH to do all it can to protect the personal data we acquire as part of our disease prevention services,” said State Health Commissioner Dr. Terry Cline. “We offer our apologies to those who may be affected.”
The OSDH sent letters to affected persons and posted information on the OSDH website about the theft and potential data loss. The OSDH is cautioning those whose data might be compromised to contact credit reporting agencies and take other steps to protect their personal information. The OSDH will also make available identity protection services.
“We are reviewing our administrative policies to strengthen safeguards to better protect the confidentiality of the data we collect. We recognize our obligation to make any changes that will ensure a similar incident cannot happen again,” Cline said.
Persons with questions or concerns about this incident may call toll free 1-866-278-7134 during the hours of 8 am to 5 pm Monday through Friday; or email the OSDH at [email protected] or visithttp://www.health.ok.gov for more information.
The OSDH is working closely with the Yukon Police Department in its investigation and advises anyone with knowledge of the theft to contact the Yukon Police Department at 354-1102.
A copy of the notification letter and an FAQ on the breach were posted to the state’s web site as well. The notification letter informs people that the laptop was stolen in Yukon on April 6. The letter also notes:
Information may include names for you and your child, any previous full name for your child, birthdates, mailing address, Social Security numbers, medical record information, laboratory and/or test results, or Tribal membership for your child.
Great thanks to Bart Porter of Redemtech for alerting me to this incident.
Idiots! It appears that the great majority of these “breaches” are via stolen “portable” computers. Who are these idiots who (first) are given access to conglomerated PII or HIPPA data and then (second) are also allowed to carry it all with them?? (And then conveniently leave these items in their cars, hotel rooms, restaurants, waiting areas, etc?)
Is anybody tracking whether or not these people (those leaving these devices laying around to be stolen) are personally accountable (“punished”) in some serious, clear, unambiguous way (and not simply covered or swept under the corporate or organizational “review of policies” rug?) Are they all “classified” as employees exempt from being fired?
Then again, we are talking about the state whose Department of Public Safety sells PII to anyone and everyone as a source of income (http://newsok.com/oklahoma-brings-in-millions-by-selling-personal-data/article/3451253).