DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

OR: Corvallis Clinic laptop with PHI stolen from employee's car

Posted on December 10, 2014 by Dissent

From the web site of Corvallis Clinic:

Patient Privacy Disclosure

As guardians entrusted with maintaining information securely, we feel it is important to notify our patients of an incident involving a single laptop computer containing limited health information.  The laptop was stolen from a Corvallis Clinic employee’s locked car at a work-related conference in Portland in mid-November.

This was a breach of Clinic policy in that patient health information was reported to have been maintained on the employee’s personal laptop that had not been evaluated or cleared for use by The Clinic’s IT security officer.

The laptop was protected by a highly secure alpha-numeric password; however, the data was not encrypted. Nevertheless, a breach of patient health information is unlikely.

We take this issue very seriously and are truly sorry for any concern or inconvenience this may cause our patients.

FAQs

What type of patient information was stored on the laptop?

The information stored was limited to spreadsheets, so any patient health information that may be on the computer is limited in data. The Clinic IT staff and third-party computer forensic experts are in the process of fully investigating what may have been stored on the laptop.

Our investigation thus far has determined that the spreadsheet likely contained the following:

  • Patient name
  • Date of birth
  • Name of treating health care provider
  • Reason for visit

None of the information is known to include Social Security numbers or financial credit information. Also, only patients seen within the last two years are potentially on the spreadsheet.

What is The Clinic doing to find out more specifics about the information? How many patients does this potentially affect?

The Clinic’s primary ethical responsibility is to our patients. We are doing our due diligence to try to ascertain what information is contained on the spreadsheet and how many patients were listed. However, unless the laptop is recovered, the exact details of the information and the total number of patients listed may never be known.

The estimated number of patients affected will be reported to the U.S. Office of Civil Rights and the Department of Health and Human Services by mid-January, 2015.

How much time elapsed from the time of the theft to when the employee notified The Clinic?

The employee reported the theft to supervisors and authorities within 24 hours.

Why did The Clinic wait until now to notify patients? Should not patients have been notified immediately?

The Clinic needed time to begin analyzing what type of patient information was on the laptop. Per federal law, an organization has 60 days to notify the public of a possible breach of patient health information security. The Clinic is notifying the public and media earlier than required because we want our patients and the community to know that we take this issue very seriously and are dedicated to the privacy and security of patient information.

What steps has The Clinic taken to help prevent this from happening in the future?

The Clinic is doing its due diligence to remind employees of its policies and procedures related to its security of health information.

Will I be able to find out if any of my information was contained on the laptop?

The Clinic will be notifying the patients who possibly have been affected by mail or, if available, email.

Additional questions?

If you have more questions, call The Clinic’s Patient Privacy Office at 855-699-0716.

h/t, Corvallis Gazette-Times

No related posts.

Category: Uncategorized

Post navigation

← They Know You Buy Viagra and They Want to Sell You More
Audit finds flaws remain in U. Maryland network security, even after data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.