Computer containing 3541 patients data stolen from UCSF employee’s car

September 16th, 2013 by admin Leave a reply »

An unencrypted laptop containing the medical and personal data of more than 3,500 UC San Francisco patients was stolen from an employee’s car.

The theft, which could cost the university hundreds of thousands of dollars in fines, is just the latest in a series of IT security breaches in recent years that have cost the institution millions.

The computer belonged to a Medical Center employee who works in the Division of Transplantation, according to the school. The name of the employee was not released.

The 3,541 patients affected by the theft were notified via letter that some of their medical data was on the stolen laptop. The data include names, dates of birth, some health information and medical record numbers. In some cases, the information included Social Security numbers. Paper documents containing medical data of 31 patients also were taken.

The letter, which the university was required to file with the state Attorney General’s Office, also gave patients a number to a special hotline set up to assist them and a year of free credit monitoring. UCSF also reported the incident to the California Department of Public Health and federal authorities.

In addition to fines related to losing the data, UCSF may face fines for failing to report the security breach within five business days, according to the agency.

UCSF did not determine specifically what kind of information was on the computer according to the notification letter.

In the past few years, a handful of similar security breaches have occurred at UCSF.

Most recently, in 2010 another laptop was stolen from an employee. It contained data from 4,310 patients. In 2009, a phishing scam gave hackers access to the medical data of 600 patients. In 2008, another security breach occurred involving information for 2,625 patients. And in 2007, university IT teams caught a hacker in the act.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Leave a Reply