U of Utah hit with theft of 2.2M patient records
U of Utah is latest hospital to tackle a patient data breach. Source: The Paper Mask |
A metal box containing the backup tapes was stolen June 2 from a car belonging to a driver who worked for Perpetual Storage, a local company that for 16 years has stored the university’s tapes in an off-site vault. The driver violated the protocols his company had established to ensure secure data transportation, according to the health system.
The billing records included patient names, related demographic information and diagnostic codes. Records for a subset of 1.3 million patients also contained Social Security numbers.
The healthcare system, which was already in the process of an independent assessment of its information systems, said it has taken additional steps to safeguard its records as a result of the theft.
“Although it is unlikely that information on the tapes will be compromised, we are nevertheless taking aggressive steps to protect our patients’ confidentiality,” said Lorris Betz, MD, PhD, senior vice president for the health system’s department of Health Sciences.
The Salt Lake County Sheriff’s Department, the FBI and the U.S. Postal Service are investigating the theft. “The investigation indicates that the theft was probably a random car burglary, and there is no evidence that the information on the tapes has been accessed or used for identity theft,” said Salt Lake County Sheriff Jim Winder. “Having concluded the first phase of our investigation, we believe it is now time to bring this issue to the public’s attention so that we can enlist their help in recovering the tapes.”
The university said it is offering a $1,000 reward for the return of the tapes, no questions asked.
Nevertheless, the healthcare system has suspended deliveries of backup tapes to Perpetual Storage, pending the review of all procedures and protocols for transporting and storing backup data.
Additionally, the healthcare system is mailing notification letters to all 2.2 million patients and guarantors; providing free credit monitoring and restoration service to patients whose records included Social Security numbers; providing a toll-free telephone hotline and has established a website for information and resources.