San Fran hospital exposes data of more than 6,000 patients online

TriMed Staff | | Health Imaging | Diagnostic Imaging
 
UCSF is the most recent hospital to unintentionally expose patient records. Source: Medical Informatics Insider 
  
Medical information on thousands of University of California at San Francisco (UCSF) School of Medicine patients was available on the internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical identity theft.

The breach was discovered Oct. 9, 2007, but the hospital did not send out notification letters to the 6,313 affected patients until April 4, nearly six months later, according to the San Francisco Chronicle.

The data accessible online included names, patient addresses, and names of the departments where medical care was provided, the Chronicle reported. Some patient medical record numbers and the names of the patients’ physicians also were available online.

“This is a large and very significant data breach,” Pam Dixon, executive director of the World Privacy Forum, a nonprofit public interest research and consumer education group, told the Chronicle. “To commit medical identity theft, all you need is a patient's name, address and the name of the hospital. If you have a doctor's name and the medical department where the patient was being treated, it is gold. If you add a medical record number, it is a disaster for patients.”

Hospital officials reported that there has been no indication of identity theft to date, and also stressed that Social security numbers were not exposed.

UCSF had shared information on its patients with a vendor, Target America, which mines electronic databases amassing information about a nonprofit’s potential or existing donors, the Chronicle reported.

Corinna Kaarlela, UCSF director of news services, told the Chronicle that immediate action was taken to close off the information exposure. Ten days after the discover of the breach, UCSF ended its business agreement with Target America. However, since 2004, UCSF said it provided the names and addresses of 30,590 patients to Target America, paying the company $12,000 a year.

After the breach was discovered, the hospital told the Chronicle that it required Target America to hire “an objective third-party firm” to investigate. UCSF received the forensic analysis report March 26, which showed that information was potentially accessible from July 1 to Oct. 9 of last year “if a query for a specific name was made.”

TriMed Staff

Related Content

AI rules out abnormal findings on chest X-rays, significantly reducing workloads
Older adults among the walking wounded with incident TBI
Philips moves digital pathology to the cloud with AWS
PHOTO GALLERY: What does fetal medical imaging look like?
Speaker laments radiology’s major contribution to climate change
Radiologist accuracy takes a hit overnight, especially with advanced imaging exams

Around the web

Radiology Business
Key Medicare reimbursement and No Surprises Act updates from RSNA 2024

Richard Heller III, MD, RSNA board member and senior VP of policy at Radiology Partners, offers an overview of policies in Congress that are directly impacting imaging.
 

Cardiovascular Business
Philips, Mayo Clinic using AI to improve cardiac MRI technology

The two companies aim to improve patient access to high-quality MRI scans by combining their artificial intelligence capabilities.

Cardiovascular Business
Positron partners with Upbeat Cardiology Solutions to improve cardiac PET/CT access

Positron, a New York-based nuclear imaging company, will now provide Upbeat Cardiology Solutions with advanced PET/CT systems and services.