Hacker Affects 600 at UCSF
The University of California San Francisco has notified approximately 600 individuals that a hacker may have accessed their protected health information.
The University of California San Francisco has notified approximately 600 individuals that a hacker may have accessed their protected health information.
A physician in the UCSF School of Medicine in late September fell victim to a phishing scam and gave the user name and password for his e-mail account. The university's information security unit identified the breach and disabled the compromised password. By Oct. 16, an investigation determined that e-mails in the physician's account, which included those containing demographic and clinical information and four Social Security numbers, potentially might have been exposed, according to the university.
Notifications of affected individuals occurred between Oct. 21 and Dec. 11 as the investigation continued, the university told the San Francisco Business Times. The university advised affected individuals to review insurance explanation of benefit documents and look for payments they do not recognize, and report any unusual payments to their insurer or provider. The university also has re-educated personnel on how to protect user IDs and passwords.
New federal rules mandated under the American Recovery and Reinvestment Act requiring "timely" notification of certain breaches of health information. The rules now are effective and have a compliance deadline of Feb. 22, 2010.
--Joseph Goedert
A physician in the UCSF School of Medicine in late September fell victim to a phishing scam and gave the user name and password for his e-mail account. The university's information security unit identified the breach and disabled the compromised password. By Oct. 16, an investigation determined that e-mails in the physician's account, which included those containing demographic and clinical information and four Social Security numbers, potentially might have been exposed, according to the university.
Notifications of affected individuals occurred between Oct. 21 and Dec. 11 as the investigation continued, the university told the San Francisco Business Times. The university advised affected individuals to review insurance explanation of benefit documents and look for payments they do not recognize, and report any unusual payments to their insurer or provider. The university also has re-educated personnel on how to protect user IDs and passwords.
New federal rules mandated under the American Recovery and Reinvestment Act requiring "timely" notification of certain breaches of health information. The rules now are effective and have a compliance deadline of Feb. 22, 2010.
--Joseph Goedert
More for you
Loading data for hdm_tax_topic #reducing-cost...