A large data breach that compromised the health records of thousands of patients has cost the Oregon Health and Science University $2.7 million.
The fine comes after the U.S. Department of Health and Human Services Office for Civil Rights found the protected information of 3,000 people had been compromised on two laptops, a thumb drive and a cloud-based server.
An investigation found data vulnerabilities that could potentially reveal the patients’ diagnoses, photos, credit card and Social Security numbers, according to the Office for Civil Rights. Disclosure of such information violates the Health Insurance Portability and Accountability Act (HIPAA).
The university is an academic and research institution with
two hospitals and several clinics in Portland and throughout Oregon.