Malware mishap makes for massive breach

Social Security numbers, medical data of 90K patients compromised
By Erin McCann
10:21 AM
Share
UW Medicine's Harborview Medical Center in Seattle (photo: Joe Wolf, Flickr)
Some 90,000 University of Washington Medicine patients got a surprise this Thanksgiving, and it wasn't a very good one.  
 
This holiday surprise came in the form of patient notification letters divulging the details of a data breach which compromised their protected health information after an UW Medicine employee opened an email attachment containing malware. 
 
The malware took control of the computer, which had patients' data stored on it. Patient information may have included Social Security numbers or Medicare numbers, names, medical record numbers, dates of birth, dates of service, charge amounts for services received, addresses and phone numbers.
 
 
The HIPAA breach, which occurred back in October, affected patients specifically at UW Medicine's Harborview Medical Center and Washington Medical Center. 
 
"UW Medicine is committed to providing quality care and protecting patients’ personal information, and sincerely apologizes for the inconvenience and concern this may be for affected patients," read a UW Medicine statement announcing the security breach. 
 
Since 2009, when the HIPAA privacy and security rules went into effect requiring HIPAA-covered entities notify HHS for breaches involving more than 500 individuals, some 27 million individuals have had their protected health information compromised. 
 
 
This is the fourth biggest HIPAA security breach this year, according to data from the Department of Health and Human Services. 
 
Just in August, Advocate Health System announced the second biggest HIPAA breach ever reported to HHS, compromising the protected health information of more than 4 million patients after unencrypted company laptops were stolen.