Patients compromised again, second UCSF laptop theft within two months

Share this article:

More than 8,000 patients of University of California, San Francisco (UCSF) are receiving notification letters after a possibly unencrypted laptop that contained the personal information was stolen from a physician's vehicle. A similar UCSF incident occurred in October.

How many victims? 8,294. 

What type of personal information? Names, dates of birth, medical record numbers and Social Security numbers.

What happened? A physician's personal laptop – which contained the personal data and was possibly unencrypted – was stolen from the physician's vehicle.

What was the response? San Francisco law enforcement, the California Department of Public Health and the California Attorney General have been alerted, as well as federal authorities. UCSF is notifying all affected patients by mail and those who had Social Security numbers compromised are being offered credit monitoring services.

Details: Officials learned that the physician, who is based in the Division of Gastroenterology at the UCSF School of Medicine, had a possibly unencrypted personal laptop stolen from their vehicle on Sept. 25. The use of an unencrypted laptop for business purposes is against UCSF policy.

Quote: “UCSF is committed to maintaining the privacy of personal information and has taken additional steps to secure that information, including strengthening educational and operational processes for information security,” according to a UCSF release.

Source: ucsf.edu, “Laptop Computer Theft at UCSF,” Nov. 21, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.

Marquette University notifies graduate applicants of possible breach

Settings for an internal file server were inadvertently modified, making graduate school applications accessible to anyone with Marquette University login credentials.

Physician's email account, accessed by unknown source, contained patient data

UC Davis Health System is notifying 1,326 patients that a physician's work email account was accessed by an unknown source and an email within that account contained their personal or medical information.