BreachExchange mailing list archives

UCSF waited six months before telling 6,313 patients of data breach


From: rchick <rchicker () etiolated org>
Date: Thu, 1 May 2008 21:36:28 -0400

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/05/01/MNKE10DRGN.DTL&tsp=1
May 1, 2008

San Francisco -- Information on thousands of UCSF patients was
accessible on the Internet for more than three months last year, a
possible violation of federal privacy regulations that might have
exposed the patients to medical-identity theft, The Chronicle has
learned.

The information accessible online included names and addresses of
patients along with names of the departments where medical care was
provided. Some patient medical record numbers and the names of the
patients' physicians also were available online.

The breach was discovered Oct. 9, but the medical institution did not
send out notification letters to the 6,313 affected patients until
early April, nearly six months later.

The consequences of health care data breaches can be significant, said
experts. Sensitive information can be used by employers, health
insurers and other entities to discriminate. Additionally, thieves can
use purloined information to obtain medical treatment and prescription
drugs and to file false medical claims.

"This is a large and very significant data breach," said Pam Dixon,
executive director of the World Privacy Forum, a nonprofit public
interest research and consumer education group. "To commit medical
identity theft, all you need is a patient's name, address and the name
of the hospital. If you have a doctor's name and the medical
department where the patient was being treated, it is gold. If you add
a medical record number, it is a disaster for patients."

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
