Personal and medical information of more than 7,000 people may have been exposed after a hard drive was stolen.
University Hospitals said its physicians’ office computer equipment is being upgraded. So, it was being backed up on hard drives. A third-party vendor was helping with that.
On Aug. 8, UH was notified that one of the hard drives was stolen out of a car belonging to the vendor’s employee.
UH said it’s emailed a letter to the 7,170 individuals who may have been affected.
The information included on the hard drive may include names, home addresses, dates of birth, medical record numbers, insurance provider information and health information about specific patient treatment. UH said a limited number of Social Security numbers were possibly exposed.
University Hospitals said it has not received any reports that the personal and medical information has been accessed or misused.
UH said, “[it] understands the critical importance of personal information privacy and doctor/patient confidentiality, and sincerely apologizes that this security breach occurred.”
University Hospitals said it initiated a full and detailed investigation to correct the situation and the following steps have been taken to correct the situation and prevent it from happening in the future:
** Engagement with local law enforcement and industry experts to conduct a thorough investigation of the circumstances surrounding the theft.
** Notification to all individuals whose information was part of the breach and established a dedicated information line to provide personal consultation. As a precautionary measure, UH will provide one year of free credit monitoring and identity theft protection to the 33 individuals whose Social Security numbers may have been exposed. Affected individuals have been advised to review their credit and personal data carefully and obtain a credit report and/or place a fraud alert on their files.
** Enhancements to strengthen the organization’s electronic device security policies and procedures to ensure that no laptop computers, portable hard drives and other electronic devices are used unless encryption protection is initiated.
A direct USPS letter communication from UH has been sent to all individuals who may have been affected.
For further questions regarding this incident, please call UH’s toll-free hotline at 877-220-1388 Monday-Friday between 9 a.m. and 7 p.m. ET. Callers will need to use reference number: 8264102113.