Home page logo

dataloss logo Data Loss mailing list archives

Privacy Breach Reported At UConn Health Center
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 11 Mar 2013 09:16:25 -0400


Officials are warning patients of a privacy breach at the UConn Health Center.

A health center employee inappropriately gained access to the records
of about 1,400 patients that included names, addresses, dates of
birth. In some cases, the patients' Social Security numbers and other
health information were among the records.

Since the discovery of the breach, the center has notified the U.S.
Department of Health and Human ServicesOffice for Civil Rights, the
attorney general's office in Connecticut, New Hampshire and Maryland,
and the New Jersey State Police.

UConn spokesman Chris DeFrancesco said there's nothing to suggest that
any of the information was downloaded, printed or copied or used by
the employee.

He said the employee, a woman who worked at the center for 11 years,
resigned in December after an internal investigation. The
investigation, started in October, found that the privacy breaches
dated back to June 2010.

The health center police are conducting their own investigation.
DeFrancesco said the center continued its investigation after the
employee's resignation to determine the extent of the breach.

"This was a person who was in a position that allows access to
personal records," DeFrancesco said. "The wrongdoing was that the
employee was accessing records beyond the scope of what the person was
supposed to looking at."

All patients whose records were inappropriately accessed will be
notified by mail and will receive instructions on protection against
identity theft. And to assist with any possible identity theft related
to the incident, the patients will be offered insurance coverage and a
free, two-year subscription to a credit monitoring service.

For more information about the privacy breach, patients may go to the
health center's website at uchc.edu. They may also call 877-313-1398,
Monday through Saturday, from 9 a.m. to 9 p.m., for more information.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

  By Date           By Thread  

Current thread:
  • Privacy Breach Reported At UConn Health Center Erica Absetz (Mar 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]