Multnomah County Health Center reports data breach caused by stolen laptop
Take action: Disgruntled employees are one of the scariest scenarios of any organization. An employee refusing to return assets and abusing them is very dangerous and difficult to defend against.
Learn More
The Multnomah County Health Center reports a data breach affecting over 1,000 clients caused by a former employee who refused to return a county-issued laptop.
The breach occurred due to a former employee's unauthorized access to the laptop after their employment was terminated. Despite having their network account, email, and clinical systems access disabled, the former employee managed to log into the laptop and access two spreadsheets containing protected health information.
The suspicious activity was detected on April 24 by one of the county’s antimalware systems. The IT team attempted to mitigate the breach by sending a remote command to erase the laptop's contents if it connects to the internet again. Additionally, the county is implementing new technology to prevent future unauthorized access.
A police report was filed with the Portland Police Bureau (case number 24-107-327) after the former employee did not comply with repeated requests to return the laptop.
The incident compromised the personal information and records of 1,092 clients, including:
- Names
- Medical record numbers
- Medicaid IDs
- Dates of birth
- Gender
- Race
- Ethnicity
- Clinic information
- Dates of service
- Social Security numbers
- Driver's license numbers
Affected clients are being notified via mail and will receive instructions on how to enroll in a free identity theft protection program provided by the county.
