UMC: Patient info leaks likely date back to July

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.lasvegassun.com/news/2010/jan/25/umc-patient-info-leaks-likely-date-back-july/

By Marshall Allen
Las Vegas Sun
Jan. 25, 2010

For more than three months someone at University Medical Center illegally 
leaked the personal information of traffic accident victims - a breach of 
social security numbers, birth dates and more that only stopped when the 
Las Vegas Sun contacted the hospital about it, according to a statement 
released today by UMC.

The Sun contacted the hospital Nov. 19 about the leak of "face sheets," 
the cover sheet that contains personal information about each case. That's 
the day the leak stopped, hospital officials said in a statement said.

When the Sun talked on Nov. 19 to Kathy Silver, the hospital.s chief 
executive, she said it was unlikely that there was a breach of private 
patient information. She had heard rumors of a leak during the summer, but 
a cursory investigation she conducted had revealed nothing, she said.

"I thought it was a nonissue," Silver said at the time.

That's when the Sun told her that it had 21 UMC face sheets from Oct. 31 
and Nov. 1 traffic accident victims, verifying the leak.

[...]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php