Oregon Psychiatric Security Review Board breach disclosed
I was reading an article by Yuxing Zheng of The Oregonian , and noticed a reference to a breach involving the state’s Psychiatric Security Review Board that I don’t recall seeing before:
The paper and electronic documents were stolen from an employee’s vehicle on May 16, according to a notification letter the board sent the following day to the 27 people.
The paper documents included exhibits for May 15 hearings that contained clinical and treatment information. The electronic documents also contained that information as well as criminal histories, such as names, dates of birth and Social Security numbers. Some documents also contained driver’s license numbers.
The electronic files were contained on a password-protected stick drive, Follansbee said.
Staff reported the incident to law enforcement. The theft apparently occurred during the transport of files, according to the May 17 letter, and Follansbee has called for a review of those procedures.
I can find no other media coverage of the breach or notice on their site. And while this breach will not appear on HHS’s breach tool, I do hope HHS investigates this breach, as it seems that there were a number of failures here, including leaving PII/PHI in a vehicle and not encrypting the files on the flash drive.
Source: The Oregonian