Third big HIPAA breach for OHSU

Oregon Health & Science University (OHSU) is notifying 4,000 patients after an unencrypted laptop containing their personal health information was stolen from a surgeon’s vacation rental. This is OHSU’s third reported HIPAA breach since 2009 involving stolen and unencrypted devices. Patient data, including names, genders, dates of birth, surgery information, and SSNs for 17 patients, was stored on the laptop. OHSU believes the burglars targeted cash and physical items rather than the data. OHSU recently enacted stricter encryption requirements to prevent similar breaches in the future.