Laptop stolen from Oregon doctor's car affects 4,000 patients
|
Date Reported:
8/11/10
Organization:
Dr. David Gostnell*
*This page is Dr. Gostnell's staff page at OHSU. OHSU is not involved in this breach.
Contractor/Consultant/Branch:
None
Location:
Portland, Oregon
Victims:
Patients
Number Affected:
4,000
Types of Data:
"full names, diagnoses and Social Security numbers"
Breach Description:
"PORTLAND, Ore. -- A Portland psychologist is alerting 4,000 patients after his laptop, which contained personal health information, was stolen from his car last month."
Reference URL:
FOX 12 Oregon
Examiner.com
The Oregonian
Report Credit:
FOX 12 Oregon, KPTV
Response:
From the online sources cited above:
PORTLAND, Ore. -- A Portland psychologist is alerting 4,000 patients after his laptop, which contained personal health information, was stolen from his car last month.
[Evan] We've never heard of a laptop being stolen from a car before, have we? Of course we have! It is dangerous to leave your laptop in your car.
Dr. David Gostnell said his computer and briefcase were taken July 7.
The laptop contained evaluations which listed patients' full names, Social Security numbers and diagnoses, he said.
[Evan] This type of information should never be stored on a laptop computer, or any other mobile device.
The briefcase, which contained individual evaluation records, was found in a nearby garbage bin.
The theft was reported to Portland police the next day.
Although the laptop was password protected, there was a disc in the CD drive that contained a partial backup of the hard drive, Gostnell said.
[Evan] Puhleez! Operating system password protection is NOT adequate protection. The password can be bypassed in less than 60 seconds. To even mention it seems misleading. The fact that a backup CD was left in the drive is only icing on the cake. Not much of a backup if you keep the disc in the drive and the laptop is stolen. Now we have two copies of the confidential data to be concerned about.
The breach doesn't involve any individuals evaluated by Gostnell at Oregon Health and Science University Hospital, he said.
Gostnell said he has no reason to believe the laptop or briefcase was stolen for reason of identity theft or that any personal information has been released or used.
[Evan] It may not have been. When the thief realizes what he/she has, the original motivation doesn't mean so much. The fact of the matter is that multiple poor information security practices have led to a significantly increased likelihood of unauthorized disclosure and misuse. Off the top of my head, I can't think of a better way to expose the information.
Patients at Gostnell’s OHSU practice were not affected. Patients at his Northeast Portland practice, however, should call 1-.
Oregon's Board of Psychologist Examiners lists David R. Gostnell, Ph.D., License #600, as active and not under discipline or supervision.
[Evan] This and the next snippet were published on Examiner.com
His address is 1923 NE Broadway, Portland, Oregon, and his phone number is .
Commentary:
Breaches like this really get under my skin. It's negligence.
Past Breaches:
Unknown
Posts Atom 1.0
Comments