University of Oklahoma Acknowledges Data Breach from Stolen Laptop | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

University of Oklahoma Acknowledges Data Breach from Stolen Laptop

October 19, 2015
by Rajiv Leventhal
| Reprints

The University of Oklahoma (OU) has acknowledged a data breach from July regarding a stolen laptop from a physician who formerly worked in the university’s urology department that may have included limited patient health information.

The University of Oklahoma was made aware of the incident in August and has since mailed notification letters to 9,300 urology patients informing them that their information may have been breached. According to an OU statement, the physician may have had a data base spreadsheet stored on the laptop, which was password-protected but not encrypted. However, the physician is not certain that patient information was on the laptop,

The spreadsheet may have contained limited information from pediatric urology procedures occurring between 1996 and 2009, such as patient names, diagnosis and treatment codes and dates (most between 1996-2006), date of birth or age, a brief description of a urologic medical treatment or procedure, medical record number, and the treating physician’s name. Social Security numbers were not included. Neither were addresses, account information, or credit card information, according to OU.

OU determined on or about September 18 that the former physician and his current employer had not yet notified the university patients whose information may have been on the laptop, so the university is now doing so. The department was not aware that the physician had taken any of its patient information with him when he left the university, OU officials said.

OU is offering a one-year subscription to credit monitoring and reporting services at no cost to the patients whose information may have been on the spreadsheets, to address any concerns they may have.

 

Topics

News

Community Data Sharing: Eight Recommendations From San Diego

A learning guide focuses on San Diego’s experience in building a community health information exchange and the realities of embarking on a broad community collaboration to achieve better data sharing.

HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.