Portland/ Health & Lifestyle
AI Assisted Icon
Published on May 18, 2024
Multnomah County Health Centers Alert Over 1,000 Clients of Possible Data Breach by Ex-EmployeeSource: Google Street View

In what's being called a disturbing lapse in security, Multnomah County is alerting 1,092 of its Health Center clients about a possible breach of their personal health information. According to a news release from the County, a former employee held onto a County-issued laptop containing sensitive client data long past their dismissal date. Clients' names, medical record numbers, and Medicaid IDs, along with their dates of birth, gender, race, and ethnicity have potentially been exposed.

While the mishandling of the device by the fired employee has sparked concern, Social Security and driver's license numbers, luckily, were not involved in the breach. After failing to return the laptop, only clients who attended various health center locations are being affected, all whom were reached with letters advising them to sign up for a complimentary identity theft protection service provided by the County.

The breach reportedly took place on March 4, with the County's IT security team detecting suspicious activity through their anti-malware systems on April 24. It emerged that the former staffer, despite no longer having rightful access to the information, could still use their old account to log in to the computer. Consequently, after numerous demands for the unauthorized employee to return the laptop went ignored, a police report was filed with the Portland Police Bureau (case number 24-107-327).

Efforts to reinforce safety measures are now underway, with Health Department and IT heads implementing stricter protocols and training to ensure this kind of breach doesn’t happen in the future. Moreover, support services are being arranged to advise and protect the affected clients, who are also encouraged to put free fraud alerts on their credit files. Those targeted by the breach have been instructed on how to avail of these services either online, by phone, or via the QR code provided in the notification letter.

Although no misuse of the information has been reported, enrolment in the IDX Once identity theft protection plan is strongly recommended. The plan is available at this link, and IDX representatives are on hand to assist clients from Monday to Friday during business hours.