#Privacy: Health Share of Oregon discloses data breach

A stolen laptop has led to the exposure of personal information of Health Share’s members. 

On November 18, 2019, GridWorks IC, Health Share’s contracted non-emergent medical transportation vendor, suffered a break-in and theft, to which on January 2, 2020, Health Share discovered that a laptop had been stolen. 

The laptop contained member information including members’ names, phone numbers, addresses, dates of birth, Social Security numbers, and Medicaid ID numbers. No personal health histories were exposed. 

It is reported that 654,362 individuals’ personal information is involved.

Subsequently, Health Share will be sending letters to impacted members notifying them of the breach and offering one year of free credit monitoring and identity restoration services. 

Members who receive a letter are strongly urged to take advantage of the services offered as Health Share cannot confirm whether the individual who took the laptop found or used members’ information. 

In response to the breach, Health Share will be enhancing training policies and ensuring that the transmission of patient information is kept to a bare minimum. In addition, Health Share is expanding annual audits with its contractors. 

“Though the theft took place at an external vendor, we take our members’ privacy and security very seriously. We are ensuring that members, partners, regulators, and the community are made fully aware of this issue,” said Maggie Bennington-Davis, MD, interim CEO and Chief Medical Officer. 

“We are committed to providing the highest quality service to our members, which includes protecting their personal information.”

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.