BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Two University of Miami Hospital employees may have stolen, sold patient data

From: security curmudgeon <jericho () attrition org>
Date: Wed, 12 Sep 2012 12:05:16 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.miamiherald.com/2012/09/07/2990379/two-university-of-miami-hospital.html

By John Dorschner
MiamiHerald.com
09.07.12

Two University of Miami Hospital employees may have stolen and sold 
information from thousands of patients who visited the facility over a 
22-month period, the medical school announced late Friday afternoon.

A press release stated UM learned of the breach from Miami-Dade police on 
July 18. ?The two employees were terminated immediately,? the release 
stated, ?and the university has taken steps to help patients who could be 
affected safeguard their personal information.?

A UM website said the employees ?admitted improper conduct? and that the 
investigation is continuing. A UM spokeswoman said she had no information 
about how many patients records may have been taken. State records 
indicate that the UM hospital admits about 19,000 patients a year.

A Miami-Dade police spokeswoman said she did not immediately have 
additional information about the case.

The records that were possibly taken were ?face sheets? in the 
registration process that include name, address, date of birth, insurance 
policy numbers and reason for the visit. The sheets contained only the 
last four digits of the person?s Social Security number, but UM noted that 
some insurers, including Medicare and Medicaid, use Social Security 
numbers as the policy numbers.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: