Access to the records went beyond the employee’s scope of responsibilities and the university learned of the breach on January 7. “At this time, there is no evidence to suggest that as a result of the improper access that any patient’s personal information was retained or used for any purpose,” according to a public notice from the university.
Compromised information includes name, address, date of birth and some Social Security numbers, along with other health information. A university spokesperson did not answer a query on how many Social Security numbers were involved, only noting that there is no indication any numbers were viewed.
The university is sending affected patients instructions on protecting themselves from identity theft, and is offering two years of free credit monitoring services along with insurance to assist if any related identify theft results. The university also is re-evaluating employee education and monitoring policies.