Just months after being hit with an $865,000 fine to settle HIPAA violations with the ffice of Civil Rights, UCLA Health System faces another potential violation of more than 16,000 patient files. Although details are sketchy, reports indicate that the password to an encrypted hard drive containing more than 16,000 patient names, birth dates, addresses and medical record information was stolen in a home invasion robbery of a former employee.
The drive itself was previously stolen in September. At this point, no known attempts have been made to utilize the information, but the theft of the password to access the encrypted data suggests either a targeted goal to access the encrypted information or a remarkable coincidence.
The incident on its face emphasizes the risk of allowing critical information such as passwords to leave the facility and not changing passwords when employees resign or are terminated. The situation also demonstrates a potential threat to employees with access to critical information on computer systems, although it is still not known whether the employee was specifically targeted for the information.Read More