The University of Oklahoma (OU) has acknowledged a data breach from July regarding a stolen laptop from a physician who formerly worked in the university’s urology department that may have included limited patient health information.
The University of Oklahoma was made aware of the incident in August and has since mailed notification letters to 9,300 urology patients informing them that their information may have been breached. According to an OU statement, the physician may have had a data base spreadsheet stored on the laptop, which was password-protected but not encrypted. However, the physician is not certain that patient information was on the laptop,
The spreadsheet may have contained limited information from pediatric urology procedures occurring between 1996 and 2009, such as patient names, diagnosis and treatment codes and dates (most between 1996-2006), date of birth or age, a brief description of a urologic medical treatment or procedure, medical record number, and the treating physician’s name. Social Security numbers were not included. Neither were addresses, account information, or credit card information, according to OU.
OU determined on or about September 18 that the former physician and his current employer had not yet notified the university patients whose information may have been on the laptop, so the university is now doing so. The department was not aware that the physician had taken any of its patient information with him when he left the university, OU officials said.
OU is offering a one-year subscription to credit monitoring and reporting services at no cost to the patients whose information may have been on the spreadsheets, to address any concerns they may have.