Two University of Miami Hospital employees may have stolen, sold patient data

[InfoSec News <alerts () infosecnews org>]

http://www.miamiherald.com/2012/09/07/2990379/two-university-of-miami-hospital.html

By John Dorschner
MiamiHerald.com
09.07.12

Two University of Miami Hospital employees may have stolen and sold 
information from thousands of patients who visited the facility over a 
22-month period, the medical school announced late Friday afternoon.

A press release stated UM learned of the breach from Miami-Dade police 
on July 18. “The two employees were terminated immediately,” the release 
stated, “and the university has taken steps to help patients who could 
be affected safeguard their personal information.”

A UM website said the employees “admitted improper conduct” and that the 
investigation is continuing. A UM spokeswoman said she had no 
information about how many patients records may have been taken. State 
records indicate that the UM hospital admits about 19,000 patients a 
year.

A Miami-Dade police spokeswoman said she did not immediately have 
additional information about the case.

The records that were possibly taken were “face sheets” in the 
registration process that include name, address, date of birth, 
insurance policy numbers and reason for the visit. The sheets contained 
only the last four digits of the person’s Social Security number, but UM 
noted that some insurers, including Medicare and Medicaid, use Social 
Security numbers as the policy numbers.

[...]

--
#HITB2012KUL - The 10TH ANNUAL HITB Security Conference in Malaysia
with no keynotes, no labs - just three tracks filled with our most
popular speakers from the last decade: http://conference.hitb.org/