BreachExchange mailing list archives
UCSF waited six months before telling 6, 313 patients of data breach
From: rchick <rchicker () etiolated org>
Date: Thu, 1 May 2008 21:36:28 -0400
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/05/01/MNKE10DRGN.DTL&tsp=1 May 1, 2008 San Francisco -- Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical-identity theft, The Chronicle has learned. The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients' physicians also was available online. The breach was discovered Oct. 9, but the medical institution did not send out notification letters to the 6,313 affected patients until early April, nearly six months later. The consequences of health care data breaches can be significant, said experts. Sensitive information can be used by employers, health insurers and other entities to discriminate. Additionally, thieves can use purloined information to obtain medical treatment and prescription drugs and to file false medical claims. "This is a large and very significant data breach," said Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research and consumer education group. "To commit medical identity theft, all you need is a patient's name, address and the name of the hospital. If you have a doctor's name and the medical department where the patient was being treated, it is gold. If you add a medical record number, it is a disaster for patients." [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- UCSF waited six months before telling 6, 313 patients of data breach rchick (May 01)