Oregon: Attorney General settles with Providence over data breach

[Dissent <Dissent () pogowasright org>]

http://www.kgw.com/business/stories/kg_w092606_health_providence_settlement.1cafd2ec.html

Providence Health System and state Attorney General Hardy Myers filed 
a settlement agreement Tuesday over a data breach at the health system.

In December 2005, backup tapes and computer disks with personal 
information on 365,000 patients were stolen from a Providence 
employee's car. The data was not encrypted.

The attorney general's office said it had no confirmed reports of 
identity theft associated with the case.


As part of the settlement, Providence will continue to provide free 
credit monitoring services for patients who may have been affected. 
It will also provide credit restoration to any patients who become a 
victim of identity theft. The company must increase its security 
programs and also pay patients for any direct financial losses 
related to the breach.

The settlement brings the nine-month investigation to an end. Myer's 
office said the case is the largest data breach ever reported in Oregon. 

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 136 million compromised records in 375 incidents over 6 years.