#Privacy: Health Share of Oregon discloses data breach

A stolen laptop has led to the exposure of personal information of Health Share’s members. 

On November 18, 2019, GridWorks IC, Health Share’s contracted non-emergent medical transportation vendor, suffered a break-in and theft, to which on January 2, 2020, Health Share discovered that a laptop had been stolen. 

The laptop contained member information including members’ names, phone numbers, addresses, dates of birth, Social Security numbers, and Medicaid ID numbers. No personal health histories were exposed. 

It is reported that 654,362 individuals’ personal information is involved.

Subsequently, Health Share will be sending letters to impacted members notifying them of the breach and offering one year of free credit monitoring and identity restoration services. 

Members who receive a letter are strongly urged to take advantage of the services offered as Health Share cannot confirm whether the individual who took the laptop found or used members’ information. 

In response to the breach, Health Share will be enhancing training policies and ensuring that the transmission of patient information is kept to a bare minimum. In addition, Health Share is expanding annual audits with its contractors. 

“Though the theft took place at an external vendor, we take our members’ privacy and security very seriously. We are ensuring that members, partners, regulators, and the community are made fully aware of this issue,” said Maggie Bennington-Davis, MD, interim CEO and Chief Medical Officer. 

“We are committed to providing the highest quality service to our members, which includes protecting their personal information.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/