
May 23, 2007

University of Pittsburgh Medical Center (UPMC) Donor Solicitation Mailing Exposes the Social Security Numbers for 6,000 Former Patients

A donor solicitation mailing by the University of Pittsburgh Medical Center (UPMC) exposed the Social Security numbers of 6,000 former patients. According to the Post-Gazette (http://www.post-gazette.com/pg/07142/787898-28.stm), the mailing included donor response cards with each patient's Social Security number embedded in a tracking code. The tracking code could then be visible in the window of the response envelope that recipients could mail back to UPMC. Last week, UPMC apologized to those affected and offered one (1) year of free credit monitoring to the patients affected by this incident.

In recent years, health care institutions have faced increasing challenges in complying with regulatory requirements for information security and privacy. However, they should do more to protect the personal information of their patients. In the U.S., health care institutions have not made information security and privacy areas of serious consideration or investment. Most health care institutions seek to meet regulatory requirements, but fail to look beyond the myopia of regulatory compliance.
