More than 14K affected in Oregon hospital breach

[InfoSec News <alerts () infosecnews org>]

http://www.cmio.net/index.php?option=com_articles&view=article&id=34784:more-than-14k-affected-in-oregon-hospital-breach

By Beth Walsh
CMIO.net
August 6, 2012

Yet another hospital has suffered a data breach. The administration at 
Oregon Health & Science University Hospital (OHSU) in Portland is 
sending letters to the families of 702 pediatric patients after a USB 
drive containing some of their patient information was stolen. In total, 
data for more than 14,000 patients was stored on the drive, along with 
information for about 200 OHSU employees.

The incident affects a limited number of premature pediatric patients 
who were screened for vision issues, according to a release posted on 
the hospital's website. The release also says in most cases, the data is 
very limited, password-protected and can only be opened by software not 
commonly found on personal computers.

The thumb drive carrying the data was stolen during the burglary of an 
OHSU employee's home on July 4 or 5. The employee inadvertently took the 
USB drive home in a briefcase at the end of the workday. During the home 
burglary, the briefcase along with several other items was stolen.

Prior to the theft, the drive was used to back up data from one OHSU 
computer system to another and is normally locked in a secure location 
on campus after use. Since the theft, OHSU said it has conducted an 
extensive investigation into exactly what was taken and the steps needed 
to access the password-protected data and open the files in a readable 
format.

[...]