Information Security

Password Theft Plus Loss of Encrypted Disk Equals HIPAA/HITECH Data Breach

08 November 2011

Just months after being hit with an $865,000 fine to settle HIPAA violations with the Office of Civil Rights, UCLA Health System faces another potential violation involving more than 16,000 patient files. Although details are sketchy, reports indicate that the password to an encrypted hard drive containing more than 16,000 patient names, birth dates, addresses and medical record information was stolen in a home invasion robbery of a former employee.

The drive itself was previously stolen in September. At this point, no known attempts have been made to utilize the information, but the theft of the password to access the encrypted data suggests either a targeted goal to access the encrypted information or a remarkable coincidence.

The incident on its face emphasizes the risk of allowing critical information such as passwords to leave the facility and of not changing passwords when employees resign or are terminated. The situation also demonstrates a potential threat to employees with access to critical information on computer systems, although it is still not known whether the employee was specifically targeted for the information.
