More than 14K affected in Oregon hospital breach

Yet another hospital has suffered a data breach. The administration at Oregon Health & Science University Hospital (OHSU) in Portland is sending letters to the families of 702 pediatric patients after a USB drive containing some of their patient information was stolen. In total, data for more than 14,000 patients was stored on the drive, along with information for about 200 OHSU employees.

The incident affects a limited number of premature pediatric patients who were screened for vision issues, according to a release posted on the hospital's website. The release also says in most cases, the data is very limited, password-protected and can only be opened by software not commonly found on personal computers.

The thumb drive carrying the data was stolen during the burglary of an OHSU employee's home on July 4 or 5. The employee inadvertently took the USB drive home in a briefcase at the end of the workday. During the home burglary, the briefcase along with several other items was stolen.

Prior to the theft, the drive was used to back up data from one OHSU computer system to another and is normally locked in a secure location on campus after use. Since the theft, OHSU said it has conducted an extensive investigation into exactly what was taken and the steps needed to access the password-protected data and open the files in a readable format.

Although "the stolen USB drive was never intended to leave campus, OHSU has been working to develop methods for ensuring USB drives are encrypted," according to the release. "OHSU plans to step up these efforts in light of this incident." OHSU said it is contacting patients to make them aware of the situation.