BreachExchange mailing list archives
Two University of Miami Hospital employees may have stolen, sold patient data
From: security curmudgeon <jericho () attrition org>
Date: Wed, 12 Sep 2012 12:05:16 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.miamiherald.com/2012/09/07/2990379/two-university-of-miami-hospital.html By John Dorschner MiamiHerald.com 09.07.12 Two University of Miami Hospital employees may have stolen and sold information from thousands of patients who visited the facility over a 22-month period, the medical school announced late Friday afternoon. A press release stated UM learned of the breach from Miami-Dade police on July 18. ?The two employees were terminated immediately,? the release stated, ?and the university has taken steps to help patients who could be affected safeguard their personal information.? A UM website said the employees ?admitted improper conduct? and that the investigation is continuing. A UM spokeswoman said she had no information about how many patients records may have been taken. State records indicate that the UM hospital admits about 19,000 patients a year. A Miami-Dade police spokeswoman said she did not immediately have additional information about the case. The records that were possibly taken were ?face sheets? in the registration process that include name, address, date of birth, insurance policy numbers and reason for the visit. The sheets contained only the last four digits of the person?s Social Security number, but UM noted that some insurers, including Medicare and Medicaid, use Social Security numbers as the policy numbers. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Two University of Miami Hospital employees may have stolen, sold patient data security curmudgeon (Sep 12)