University Hospitals has been upgrading its UH physicians' office computer equipment.
UH contracted with a third-party information technology (IT) vendor to assist with this effort and, as part of this process, UH physician office computer data was backed up on various hard drives.
On August 8, 2013, UH was notified that a hard drive containing backed-up UH physician office computer data was stolen out of a vehicle belonging to the vendor's employee.
University Hospitals (UH) said today that certain personal and medical information of 7,170 individuals may have been exposed. UH has mailed letters to notify each individual who may have been affected.
Upon notification of the theft, UH initiated a full and detailed investigation, taking measures to correct the situation and prevent similar occurrences in the future. It is important to note that, to date, UH has not received any reports that the personal and medical information has been accessed or misused. It is possible that the thief may be unaware of the nature of the information on the device or may be unable to access it.
The potentially exposed data may include one or a combination of the following: names, home addresses, dates of birth, medical record numbers, insurance provider information and health information about specific patient treatment. In addition, a very limited number of Social Security numbers were potentially exposed.
UH understands the critical importance of personal information privacy and doctor/patient confidentiality, and sincerely apologizes that this security breach occurred.
UH has taken the following steps to correct the situation and prevent similar occurrences in the future:
· Engagement with local law enforcement and industry experts to conduct a thorough investigation of the circumstances surrounding the theft.
· Notification to all individuals whose information was part of the breach and established a dedicated information line to provide personal consultation. As a precautionary measure, UH will provide one year of free credit monitoring and identity theft protection to the 33 individuals whose Social Security numbers may have been exposed. Affected individuals have been advised to review their credit and personal data carefully and obtain a credit report and/or place a fraud alert on their files.
· Enhancements to strengthen the organization's electronic device security policies and procedures to ensure that no laptop computers, portable hard drives and other electronic devices are used unless encryption protection is initiated.
A direct USPS letter communication from UH has been sent to all individuals who may have been affected. For further questions regarding this incident, please call UH's toll-free hotline at 877-220-1388 Monday - Friday between 9 a.m. and 7 p.m. ET. Callers will need to use reference number: 8264102113.