Data breach affects 1,144 patients of University Urology of Tennessee

April 18th, 2014 by admin Leave a reply »

University Urology of Tenn. released data breach statement which involves 1,144 affected patients. Data breach information was limited to names and addresses. According to website statement social Security Numbers, financial account information, clinical information were not exposed.

This particular data breach incident involved an administrative assistant who gathered patient’s data in bid to sell to a competing provider for winning patients business. Incident came to notice when patients started receiving calls from competing provider. Patients began calling university to alert about unsolicited phone calls.

Peggy Kares, HIPAA Security Officer at University Urology, P.C. said, “We understand that any breach of protected health information is a concern for our patients. We sincerely regret this situation occurred.”

University took following action after the breach – It terminated the employment, revoked access to protected health information (PHI), changed internal passwords and agreed with the competing organization to destroy received patients information.

According to website statement,
University Urology, P.C. is notifying by mail the patients impacted by this breach. While it appears that the information subject to the breach was to be used for patient solicitation and there is absolutely no indication that the information may be used for purposes of identity theft, patients may choose to monitor their credit card, bank, or other financial statements for signs of fraud and identity theft.

The information consisting of patient names and addresses is considered protected health information and is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Leave a Reply