UCSF information leaked by data company
The University of California, San Francisco Medical Center notified patients last month of a data breach that affected more than 6,000 visitors to the pulmonary/chest faculty practice, vascular surgery, pediatric surgery and neurology departments.
The breach, which was discovered on October 9, 2007, made information on 6,313 UCSF patients available over the Internet. Endangered information included the names and addresses of patients, names of the departments where they received care and, in some cases, medical record numbers and physician names.
Patients received letters from the hospital in April, warning that their information had been endangered. A hotline number was provided for anyone seeking more information, and the letter was also posted on the hospital's Web site. So far, no one has reported any problems.
Data mining company Target America Inc. has been implicated in the breach because it had been tapped by the nonprofit UCSF to mine patient data for information on possible or existing donors. UCSF has shared information on more than 30,000 patients with the company since 2004. Ten days after the leak was discovered, UCSF ended its relationship with Target America. Target America could not be reached for comment.
The data company was required by UCSF to hire a third party firm to investigate the breach once it was discovered. The hospital waited for the results from that investigation before contacting patients. The audit showed that patient information had been available from July 1 to October 9, 2007, but only if a specific patient name were searched.