OHSU says stolen USB drive contained some patient data
PORTLAND, Ore. – Oregon Health and Science University sent out letters to the families of about 700 patients warning that some of their personal data was on a USB drive stolen from an employee’s home.
The hospital said the incident does not impact all patients, but rather only some premature pediatric patients who were screened for vision issues.
Relatively basic personal data for around 14,000 patients was on the stolen drive, although the hospital reports 702 of the patients in the files had more sensitive data listed. Those patients received letters from OHSU.
A hospital spokesman added that most of the personal data is fairly limited and nearly all of it was password protected. It can also only be opened on specialized software not typically found on personal computers.
An employee inadvertently left the USB drive in his briefcase and recently brought it home, the hospital said. Somebody then broke into that employee’s home and stole the briefcase and other items.
"Based on the home burglary investigation, the motive of the thieves appeared to be stealing items, such as jewelry, that could quickly be resold for money," explained Ron Marcum, M.D., interim chief corporate integrity officer in the OHSU Integrity Office.
OHSU said the following data was on the stolen drive:
- Pediatric patient information (name, date of birth, phone number, address, OHSU medical record number, and a one- to four-word description of the patient's medical condition, or family medical history in some cases) for approximately 14,300 patients. The data is gathered to track the results of vision screenings for newborns born prematurely. Nearly all of this data is password-protected and all of it is in an uncommon file format. A subset of the data for these patients was slightly more sensitive because it contains data that is considered more personal. These patients (702 in total) are receiving letters from OHSU this week.
- A database of OHSU staff information, including names, Social Security numbers, addresses, employment-related vaccination information for 195 OHSU employees.
Were you one of the patients whose data was on the drive? We'd like to hear from you. E-mail newstips@katu.com
So much for privacy regarding our medical records: What was this employee doing downloading patient information onto a USB drive for, anyway? And âaccidentallyâ leaving it in his briefcase, yeah, right.
This does NOT sound innocent to me, and the circumstances seem a bit convenient, including the fact that the briefcase was stolen with the USB drive in it. Who steals a briefcase, anyway???
 @angelgabe My sister-in-law had her window smashed out of her vehicle downtown Eugene and the only thing they took was a briefcase, I chewed her out for having it in plain sight but thieves are not overly picky.  Innocent or not I completely agree that this information should not have been on a portable drive to begin with much less at home in their briefcase. If I did something stupid like that at work I would be looking for a new job.