DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

OR: Corvallis Clinic laptop with PHI stolen from employee's car

Posted on December 10, 2014 by Dissent

From the web site of Corvallis Clinic:

Patient Privacy Disclosure

As guardians entrusted with maintaining information securely, we feel it is important to notify our patients of an incident involving a single laptop computer containing limited health information.  The laptop was stolen from a Corvallis Clinic employee’s locked car at a work-related conference in Portland in mid-November.

This was a breach of Clinic policy in that patient health information was reported to have been maintained on the employee’s personal laptop that had not been evaluated or cleared for use by The Clinic’s IT security officer.

The laptop was protected by a highly secure alpha-numeric password; however, the data was not encrypted. Nevertheless, a breach of patient health information is unlikely.

We take this issue very seriously and are truly sorry for any concern or inconvenience this may cause our patients.

FAQs

What type of patient information was stored on the laptop?

The information stored was limited to spreadsheets, so any patient health information that may be on the computer is limited in data. The Clinic IT staff and third-party computer forensic experts are in the process of fully investigating what may have been stored on the laptop.

Our investigation thus far has determined that the spreadsheet likely contained the following:

  • Patient name
  • Date of birth
  • Name of treating health care provider
  • Reason for visit

None of the information is known to include Social Security numbers or financial credit information. Also, only patients seen within the last two years are potentially on the spreadsheet.

What is The Clinic doing to find out more specifics about the information? How many patients does this potentially affect?

The Clinic’s primary ethical responsibility is to our patients. We are doing our due diligence to try to ascertain what information is contained on the spreadsheet and how many patients were listed. However, unless the laptop is recovered, the exact details of the information and the total number of patients listed may never be known.

The estimated number of patients affected will be reported to the U.S. Office of Civil Rights and the Department of Health and Human Services by mid-January, 2015.

How much time elapsed from the time of the theft to when the employee notified The Clinic?

The employee reported the theft to supervisors and authorities within 24 hours.

Why did The Clinic wait until now to notify patients? Should not patients have been notified immediately?

The Clinic needed time to begin analyzing what type of patient information was on the laptop. Per federal law, an organization has 60 days to notify the public of a possible breach of patient health information security. The Clinic is notifying the public and media earlier than required because we want our patients and the community to know that we take this issue very seriously and are dedicated to the privacy and security of patient information.

What steps has The Clinic taken to help prevent this from happening in the future?

The Clinic is doing its due diligence to remind employees of its policies and procedures related to its security of health information.

Will I be able to find out if any of my information was contained on the laptop?

The Clinic will be notifying the patients who possibly have been affected by mail or, if available, email.

Additional questions?

If you have more questions, call The Clinic’s Patient Privacy Office at 855-699-0716.

h/t, Corvallis Gazette-Times

Related posts:

  • Unencrypted laptops still a major cause of breach reports to HHS
Category: Uncategorized

Post navigation

← They Know You Buy Viagra and They Want to Sell You More
Audit finds flaws remain in U. Maryland network security, even after data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.