UCLA has contacted over 16,000 patients and warned them they could be a target of medical identity theft after an external hard drive with their medical details was stolen from a Doctor’s home.
Luckily the hard drive was encrypted but unfortunately the password was written on a piece of paper which is also missing. The paper was kept close by the hard drive - oh dear.
The burglary took place in September but it has taken until now to locate all the effected patients to warn them.
According to the LA Times this isn’t the first time UCLA Health System has had a major breach of patient privacy.
Between 2005 and 2009, hospital officials were repeatedly caught and fired for reviewing, without authorization, the medical records of dozens of celebrities, including Britney Spears and Farrah Fawcett. That prompted a state law imposing escalating fines on hospitals for patient privacy lapses. State regulators later fined Ronald Reagan UCLA Medical Center in connection with privacy breaches involving the records of Michael Jackson. Source: LA Times
The medical records range from July 2007 to July 2011 and includes patients from the Ronald Reagan UCLA Medical Center, Santa Monica UCLA Medical Center, Resnick Neuropsychiatric Hospital, Mattel Children’s Hospital as well as outpatient clinics.
The information on the hard drive included patients addresses, birth dates, medical record numbers and medical information but did not include any financial information or social security numbers.
UCLA released a statement saying that they had hired a data security company to assist any patients worried they may be at risk from medical identity theft and have notified the U.S. Department of Health and Human Services Office for Civil Rights although they point out they have no evidence the records on the hard drive had been accessed.
Joe Says: While this may be a random burglary and the hard drive was taken without knowledge of what was on it, it would pay to fall on the side of caution if you believe your details were on it.
- Contact the credit bureaus and set up a fraud alert.
- You should probably also check your credit report for anything out of the ordinary.
- Stay extra vigilant for the next six months or so.
If you do spot anything at all out of the ordinary use the contact details sent to you by UCLA to let the data security company know immediately as they will be able to prevent any further damage as well as correcting any already done.
I can’t let this one go without mentioning the password. It is completely pointless setting a password if you then write it down on a post it note and stick it on your monitor. If you have to write down a password then put it in your wallet and NEVER write what it is for.
