Laptop Stolen From Car Leads to Breach

133,000 Notified of Oklahoma Birth Defects Registry Breach
Laptop Stolen From Car Leads to Breach
The Oklahoma State Department of Health is notifying nearly 133,000 individuals about a health information breach involving the theft of a laptop computer containing personal information.

The unencrypted laptop, stolen from an employee's car April 6, contained a database related to the Oklahoma Birth Defects Registry. The laptop was used to record data from hospital medical records. Personal information on the laptop included the names of parents and children, plus birthdates, mailing addresses, Social Security numbers, medical record information, and lab and test results. The laptop included information on nearly 35,000 children with birth defects.

Also stolen were 50 paper files containing abstracted medical information. The state agency is working with law enforcement authorities on the investigation of the theft.

The department is offering free identity protection services to those affected. "We are reviewing our administrative policies to strengthen safeguards to better protect the confidentiality of the data we collect," State Health Commissioner Terry Cline said in a website statement. "We recognize our obligation to make any changes that will ensure a similar incident cannot happen again."

The Oklahoma Birth Defects Registry provides statewide surveillance of birth defects to reduce the prevalence of birth defects through prevention education, monitoring trends and analyzing data.

Under the HITECH Act breach notification rule, breaches that affect 500 or more individuals must be reported to the Department of Health and Human Services' Office for Civil Rights within 60 days. As of Wednesday, the Oklahoma breach was not yet included on OCR's list of major health information breaches.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network