Patients compromised again, second UCSF laptop theft within two months

Share this article:

More than 8,000 patients of University of California, San Francisco (UCSF) are receiving notification letters after a possibly unencrypted laptop that contained the personal information was stolen from a physician's vehicle. A similar UCSF incident occurred in October.

How many victims? 8,294. 

What type of personal information? Names, dates of birth, medical record numbers and Social Security numbers.

What happened? A physician's personal laptop – which contained the personal data and was possibly unencrypted – was stolen from the physician's vehicle.

What was the response? San Francisco law enforcement, the California Department of Public Health and the California Attorney General have been alerted, as well as federal authorities. UCSF is notifying all affected patients by mail and those who had Social Security numbers compromised are being offered credit monitoring services.

Details: Officials learned that the physician, who is based in the Division of Gastroenterology at the UCSF School of Medicine, had a possibly unencrypted personal laptop stolen from their vehicle on Sept. 25. The use of an unencrypted laptop for business purposes is against UCSF policy.

Quote: “UCSF is committed to maintaining the privacy of personal information and has taken additional steps to secure that information, including strengthening educational and operational processes for information security,” according to a UCSF release.

Source: ucsf.edu, “Laptop Computer Theft at UCSF,” Nov. 21, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.