Officials at the University of Miami Hospital have notified patients affected by a July data breach, stating in a letter that, upon investigation, two university employees were found to be "inappropriately accessing" patient information and may have sold the data.
[See also: 10 of the largest data breaches in 2012 ... so far.]
Specifically, the letter states that these employees were accessing patient “face sheets,” which include names, dates of birth, insurance policy numbers, partial Social Security numbers and clinical information pertaining to the reason for visit. Moreover, in both Medicare and Medicaid insurance plans, patient Social Security numbers are used as the insurance policy number, thus, in these cases, full Social Security numbers may have been compromised.
In light of the data breach, the university is providing a two-year membership for identity protection services.
“At the University of Miami Health System we take the privacy and security of our patients’ information very seriously," officials wrote in the letter. "We continue to review and refine our physical and electronic safeguards to enhance protection of all patient data."
[See also: Cancer Care data breach compromises 55,000.]
This is not the University of Miami Hospital's first patient data breach. On Nov. 2011, a flash drive containing the demographic and clinical data of an estimated 1,219 patients was stolen from a physician’s car.