Car thieves get personal data on Portland psychology patients, unemployed Oregonians

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.oregonlive.com/portland/index.ssf/2010/08/car_thieves_get_personal_data.html

Car burglars in the past week have made off with personal records of
4,000 patients of a Portland psychologist and the names and Social
Security numbers of 2,900 jobless Multnomah County residents.

Psychologist David Gostnell is alerting his patients after an
unsecured laptop that contained personal information was stolen from
his vehicle Saturday.

Portland Community College has alerted the unemployed Multnomah County
residents that their names and Social Security numbers were on a data
storage device stolen from a college employee's car Aug. 5.

Gostnell, who runs a private practice in Northeast Portland and works
at Oregon Health & Science University, had a password-protected
laptop, though a disc left in the CD drive contained a partial backup
of the hard drive. The laptop contained evaluations with people's full
names, Social Security numbers and diagnoses.

His briefcase, which included evaluation records, also was stolen,
though all those records were recovered shortly after the theft in a
nearby trash bin. Gostnell does not believe the items were stolen to
obtain patient information.

Records from patients Gostnell treated at OHSU were not on the laptop,
said his attorney, Paul Cooney.According to OHSU's website, Gostnell
has served as a clinical assistant professor in the departments of
Neurological Surgery and Medical Psychology since 1992. He assesses
and treats patients with neurological disorders at OHSU, in his
private practice and as a consultant to Kaiser Permanente.

People who have been evaluated by Gostnell can call a toll-free
number, 1-877-461-7657, if they have questions about the matter.

Gostnell recommended that patients monitor their accounts and bank
statements and check their credit report regularly. People also should
look for signs of identity theft, such as receiving credit cards they
haven't applied for or failing to receive bills or other mail.

The PCC-related burglary involved the theft of a flash drive-type
device containing the names of participants in the Oregon Food Stamp
Employment Transition Program operated at the college. The program
provides support and job-hunting skills for unemployed Oregonians.

The college sent letters to alert everyone listed on the flash drive
of the theft. It also is providing them credit-protection services
against identity theft for the next year, said Dana Haynes,  spokesman
for the college.

"There is no evidence that any name or Social Security number has been
used so far," Haynes said. The college also has posted credit
protection information online.

A PCC employee who worked at multiple sites was transferring the data
from one site to another when the theft occurred. The flash drive was
in a bag that was stolen from the car.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php