This incident has 0 proposed changes. Know of details that have changed? Submit them Showing Incident 207 To_xml

SUMMARY

Personal data and medical records for 365,000 on stolen backup disks and tapes
Records 365,000
Record Types NAA MED
Breach Type Stolen Tape
Data Family Electronic
Source Outside
Organization Providence Health System
Other Affected/Involved Organizations None
Lawsuit? YES
Data Recovered? NO/UNKNOWN
Arrest? NO/UNKNOWN
Submitted By: Anonymous

TIMELINE

DateEvent
None. Add Data Incident Occurred
None. Add Data Incident Discovered By Organization
2006-01-26 Organization Reports Incident
None. Add Data Organization Mails Notifications
None. Add Data Records Recovered
None. Add Data Lawsuit Filed
None. Add Data Arrest Made

SIMILAR INCIDENTS

recordsdateorganizations
396,279 2006-12-12 Aetna Inc., Humana Medicare, Concentra Preferred Systems, Group Health Insurance Inc., Nationwide, WellPoint, Anthem Blue Cross Blue Shield, Mutual of Omaha Insurance Company

SPONSOR

Zecurion Sponsors DataLossDB

Zecurion protects organizations worldwide, with more than 5,000 global deployments, using its award-winning software security solutions. Zecurion’s solutions create a “locked-vault” around data on servers, backup storage media, e-mail, peripheral devices and printers that both monitors and prevents unauthorized access.

MAP OF INCIDENT LOCATION

Address: USA
Have a better address for this incident? Suggest it!

suggest a new reference

REFERENCES

suggest a new attachment

ATTACHMENTS

KNOWN COURT CASES

UNDER APPEAL

Gibson et al. v. Providence Health System
Filed On Justia Link Pacer Link Court Federal? Case Number Pacer Case Number Incident
2006-09-22 N/A N/A CIRCUIT COURT OF THE STATE OF OREGON - COUNTY OF MULTNOMAH false 0601-01059 207
Case Files
Awards / Settlements
AwardMonetary ValueDescription
$0.00
OSF Summary

COSTS SUMMARY

Known Actual Costs

No known costs for this incident.

Estimated Costs

Ponemon Institute Direct Costs Estimate 1 $21,900,000.00
  1. Note that these estimates are based on the Ponemon Institute's 2009 direct costs figures from their 2009 Annual Study: Cost of a Data Breach. We multiply $60.00 by the number of records to obtain this figure. Keep in mind that depending on the breach, the direct costs are not always suffered by the breached organizations. In the case of credit card number breaches, the direct costs can often be suffered by banks and card issuers. Also note that this is only an estimate.

COMMENTS

by Anonymous on 2009-01-19 (about 3 years ago)

This case had a lot of follow-up, in addition to the settlement with the Oregon AG (that file available on OSF already):

- The U.S. Dept. of Health & Human Services/Office of Civil Rights issued its first financial penalty ever for violating HIPAA. See http://www.hhs.gov/news/press/2008pres/07/20080717a.html of July, 2008. The settlement required Providence to implement even more security and corrective measures.

- A class action lawsuit filed against Providence was thrown out of court in 2007.

- Steven Shields, the IT worker who reported the data theft to law enforcement, was fired and subsequently filed a wrongful termination suit under Oregon's whistleblower statute. I don't know the status of that, but defending the lawsuit certainly adds to Providence's costs of this one breach.

/Dissent
http://www.phiprivacy.net

New Comment

captcha
Are you human?

Incidents:

Data Types:

Sectors:

Sources:

Breach Types:

Sponsored By: Credant_200x51 Rbs Tenable Zecurion
Use of the DataLossDB, and its exports, RSS feeds, reports, or other materials produced on this site by the Open Security Foundation requires authorization and potential licensing arrangements. For more information, please e-mail officers@opensecurityfoundation.org with a brief summary of how you would like to use this information; product, service, research, etc.
© 2005 - 2012, Open Security Foundation, All Rights Reserved.