US patient records stolen by staff, possibly sold

Powered by SC Magazine
 

Miami hospital hit by second breach this year.

The University of Miami Hospital has fired two employees suspected of stealing and possibly selling the personally identifiable information of patients.

The health system announced the breach last week — the second to occur there this year — and began notifying those affected. A website detailing the incident also was set up. 

A hospital spokeswoman declined to provide the number of patients impacted by the theft, in which employees accessed “face sheets” — documents that include the names, addresses, dates of birth, insurance policy numbers, the reason for the hospital visit, and the last four digits of patients' Social Security numbers, according to a letter sent to affected individuals.

Rachel Seeger, a spokeswoman for the Office for Civil Rights (OCR) under the US Department of Health and Human Services, told iTnews' sister site SC Magazine that the agency had yet to confirm how many patients were affected in the breach.

If breaches affect more than 500 residents of a state, HIPAA-covered entities must notify media outlets serving the affected areas, as well as affected individuals and the Health and Human Services secretary, within 60 days of the breach.

Due to the repeated offenses, HHS will determine what corrective action the hospital has taken to keep future breaches from happening, Seeger said. Firing employees would be one among many steps taken into consideration.

Victims may include those seen between October 2010 and July of this year, hospital officials said. The Miami Herald reported that the facility admits about 19,000 patients a year.

Authorities informed the hospital of suspicious activity on July 18, after which it delayed public notice until September upon request of police to avoid “hindering the criminal investigation”, the letter said.

A representative for the Miami-Dade Police Department did not respond to a request for comment.

“This incident has no impact on your care,” said the letter to patients.

“University of Miami Hospital computer systems are completely unaffected. Your information remains current and available; no information was altered or deleted. Please be assured we are committed to protecting all information entrusted to us.”

The University of Miami Health System, which is made up of three hospitals, is offering free credit monitoring services to affected individuals for two years through an outside company.

The incident follows a breach at the hospital last November, in which a thief stole a briefcase from a physician's car, containing a flash drive with the information of more than 1000 patients, including their age, gender, diagnosis and treatment data from 2005 to 2011.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


US patient records stolen by staff, possibly sold
 
 
 
Top Stories
Photos: iTnews Benchmark Awards countdown begins
Just a few days left until entries close for 2014.
 
Australian Govt to rethink cyber security strategy
Six-year old policy to be refreshed.
 
The failure of the antivirus industry
[Blog post] Insights from AVAR 2014.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 1076

Vote