BreachExchange mailing list archives

Followup: Tapes stolen containing patient info of 47, 000

From: Chris Walsh <chris () cwalsh org>
Date: Sat, 26 Apr 2008 13:10:37 -0500

According to 
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9080322&taxonomyId=19&intsrc=kc_top
 
, *financial* data for 47K is on the tapes, but  *** 2,000,000 ***  
records were exposed.

Accorrding to a FAQ set up by the university (http://dataincident.miami.edu/faqs.htm 
):

"The University will be notifying by mail the approximately 47,000  
patients whose data included credit card or other financial  
information regarding bill payment."

I read this as saying that they could have lost everything about me  
that is in my medical record, including my name, address, diseases and  
treatments, prognosis, family medical history, and the like, but if  
the file didn't also have information on how I paid them, I do not get  
notified.  Some clarification would be useful.  I find it hard to  
imagine that a large proportion of these records don't have a name,  
DOB, and SSN, for example, but it isn't clear from what the University  
has said whether they consider this "financial information regarding  
bill payment".


On Apr 17, 2008, at 1:31 PM, rchick wrote:


April. 17, 2008
BY John Dorschner
http://www.miamiherald.com/news/breaking_dade/story/499492.html

The confidential information of tens of thousands of University of  
Miami patients was stolen last month when thieves took a case out of  
a vehicle used by a private off-site storage company, UM said  
Thursday morning

'' Anyone who has been a patient of a University of Miami physician  
or visited a UM facility since Jan. 1, 1999, is likely included on  
the tapes,'' the university said in a news release. ``The data  
included names, addresses, Social Security numbers or health  
information. The university will be notifying by mail the 47,000  
patients whose data may have included credit card or other financial  
information regarding bill payment.''


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

Current thread:

Tapes stolen containing patient info of 47,000 rchick (Apr 17)
- Followup: Tapes stolen containing patient info of 47, 000 Chris Walsh (Apr 26)
  - Re: Followup: Tapes stolen containing patient info of 47, 000 Adam Shostack (Apr 26)