Theft the Root Cause of Three Recent Breaches
Three provider organizations recently have reported serious breaches where protected information was purposely accessed by unauthorized personnel, but only one is offering protection to patients:
* University of Washington Medicine is notifying approximately 90,000 patients of UW Medical Center and Harborview Medical Center that malware in an email attachment that an employee opened accessed their data files. The FBI is investigating and may be contacting patients, according to the university. Based on results of an internal investigation, it is believed that patient information was not sought or targeted, the university says in a statement. Compromised information included name, medical record number, demographic information such as address and phone number, dates of service, date of birth, charge amount, and Social Security number and Medicare number. The data that was accessed was a sub-set or extraction of information used for billing purposes, a spokesperson tells Health Data Management. The malware did not compromise or access information in any patient medical records and there is no indication that any of the data has been misused, she adds Approximately 15,000 records contained Social Security numbers and these patients will receive a year of credit monitoring services from ID Experts. We dont believe that the remaining patients need to do anything further at this time, according to the spokesperson.
* Florida Digestive Health Specialists, with 18 sites, has notified about 4,400 patients that their information was improperly accessed by an employee who has been terminated, the Sarasota HeraldTribune reports. Notice of the breach is not readily available on the providers Web site and the privacy officer did not return a call to Health Data Management asking for additional information. According to the HeraldTribune, an employee accessed and photographed patient records and then tried to print the photos at a Wal-Mart store. The photo manager became suspicious and called police, who are investigating along with the Internal Revenue Service. Compromised information included name, date of birth, Social Security number and telephone number. Florida Digestive Health Specialists is advising patients to monitor their credit reports, according to the newspaper.
* The University of Pittsburgh Medical Center is notifying nearly 1,300 patients treated at various sites after an employee not involved in their care accessed protected information. This included name, date of birth, contact information, treatment and diagnosis, and Social Security numbers. The employee, since terminated and with local and federal authorities investigating, told UPMC officials that she did not store the information or use it for financial gain, according to a UPMC statement. The organization is suggesting that patients monitor their credit reports.