BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Patients of UMass Center Warned of Security Breach

From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 5 Jun 2013 10:27:37 -0500
http://www.wggb.com/2013/06/04/patients-of-umass-center-warned-of-security-breach/

AMHERST, Mass. (WGGB) — UMass officials are notifying patients of the
school’s Center for Language, Speech, and Hearing that their personal
health data may have been compromised after malware infected a
workstation.

The center, which offers clinical services for people with
communication disorders, differences, or delays, is sending out
letters to about 1,600 patients whose records were affected, in
accordance with federal regulations.

According to a statement from UMass, the workstation became
“inadvertently infected” with a malware program on April 5, 2013 and
that the risk of theft of the personal information was “low.”

An investigation conducted by the university’s Office of Information
Technology found no evidence indicating that any of the data was
copied from that infected workstation.

Some of the data in question includes names, addresses, birthdays,
Social Security numbers, health insurance company and policy numbers,
diagnoses, and primary or referring doctors names.

Dan Gerber, associated Dean of UMass’ School of Public Health and
Health Sciences, is advising patients in the letter to be aware of
“any unusual activity with respect to your health insurance
information to limit the likelihood of misuse of PHI [protected health
information].”

The university says that steps have been taken to improve security at
all the workstations at the center, as well as provided additional
training to staff on security practices.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: