BreachExchange mailing list archives
UT Physicians informs patients of data breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 30 Aug 2013 13:34:28 -0400
http://healthitsecurity.com/2013/08/29/ut-physicians-informs-patients-of-data-breach/ UT Physicians, The University of Texas Health Science Center at Houston (UTHealth) Medical School’s medical group practice, posted a notice on Wednesday notifying patients of an Aug. 2 data breach. The organization learned that an unencrypted laptop (attached to an electromyography machine) with patient data had been stolen on Aug. 2 from a locked closet inside an orthopedic clinic. Though the laptop contained names, birth dates and medical record numbers, it did not have any addresses, Social Security numbers, insurance or other financial information. The data included hand and arm image data from Feb. 2010 to July 13. The laptop was last seen on July 19 and has yet to be found. The organization offered up the boilerplate “we do not have a reason to believe any data has been compromised” response and added that the laptop was password protected and it thought all devices had been encrypted: UT Physicians does not have any reason to believe that the information has been accessed or used by any unauthorized individual, but as a precaution began mailing letters today to 596 patients whose information was stored on the laptop. UT Physicians is committed to patient privacy and deeply regrets that this incident occurred.Encryption of all laptops has been the policy at UT Physicians and UTHealth for the last two years. To date, all known laptops – more than 5,000 – have been encrypted. The medical group and UTHealth have taken steps to ensure that the missing laptop in the orthopedic clinic is an isolated incident. Additionally, UT Physicians and UTHealth officials said they will continue to work with law enforcement in their investigation. In the notification, officials said they have done a physical search of all clinics and offices to ensure that there are no other unencrypted laptops or storage devices attached to medical equipment. The organization listed a few ways it plans on avoiding these types of breaches in the future, including being more involved with medical equipment and hardware purchases. It also plans on reviewing current processes and encryption practices to prevent unencrypted devices from being stolen in the future. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- UT Physicians informs patients of data breach Jake Kouns (Aug 30)