Oregon Health & Sciences University is notifying some 4,000 patients regarding a breach. This is the third time since 2009 that the facility has had such a breach – every time involved a lost or stolen and unencrypted laptop or portable device.
This cannot be stressed too highly. Covered entities and business associates MUST MUST MUST encrypt portable devices. It’s a simple and inexpensive step, and it makes a world of difference in whether a breach is reportable or manageable.