UCLA breach: Do Not Take Data Home

By PAMELA LEWIS DOLAN

amednews.com

Even if practices think they have a strong data security plan in place, too often a new breach occurs that reminds them there are always additional steps that can be taken, or that certain vulnerabilities were overlooked.

The most recent reminder came through the UCLA Medical Center, which issued a public notice on Nov. 4 saying that a former employee's computer external hard drive that contained information about 16,288 patients was stolen during a house burglary. Although the data were encrypted, a piece of paper containing the password needed to unencrypt the data also came up missing after the burglary.

UCLA said in the notice that the records did not contain Social Security numbers or financial information. But they did include first and last names and possibly birth dates, addresses and medical record numbers and information. The data ranged from July 2007 to July 2011. The theft occurred in September, and UCLA said it took until November to determine who was affected and obtain valid addresses for notification. The employee whose home was burglarized ended his employment with UCLA in July.

The entire story is here.