People used to go to the hospital because something ailed them physically. One wonders how long the string of medical related data breaches will continue before people start complaining to their doctors about worry-based ulcers. The most recent hack on a medical institution’s files wasn’t even a hack. It was a simple hit and run job. University Healthcare Hospital in Utah reported that it lost a laptop and jump drive that contained personal data. In this instance there was no corrupt employee or system breach. Someone simply entered one of the offices, pocketed the jump drive and walked out with the laptop underneath their coat.

While investigators are hoping to use an image captured on the security cameras to find the perpetrator, hospital administrators are still assessing the damage. After consulting their files, they alerted the media that 4,800 medical records had been on the laptop that was stolen. These records include personal data, such as addresses, driver’s license numbers, and social security numbers. Authorities report that these are the pieces of information that are most commonly used to commit identity theft and that individuals should be attentive to their records.

A spokeswoman for the hospital assured the media that the information was password protected. In addition to the files being encrypted, there was an additional security system on the laptop itself that should prevent anyone from being able to access the confidential material. Network security officials remain optimistic, although skeptical, that the thief will not be able to access the material. Despite the crude nature of the theft, there are many programs available for free on the internet that are able to break simple encryption and security features on laptops. The hospital also announced that the recent criminal activity on their premise has caused them to reevaluate their security procedures. As a result, they are upgrading all encryption settings and are making it illegal for employees to download personal information on to their own laptops to conduct work at home.

Although the breach took place in February, victims were not alerted until the middle of March. Hospital officials have not explained the delay in notifying affected individuals, although there is hope that they will fill in these details as the investigation continues. In mid-March, letters were sent out to all 4,800 people whose information had been compromised. While the case is still open, the hospital has agreed to provide identity theft services to all victims.

ID theft services, such as Lifelock, work to protect against illegal activity in the personal financial records of individuals. For a minimal monthly fee, which the hospital is paying in this case, members are alerted whenever activity is taken to open a new credit card in their name or efforts are made to get a loan. Lifelock has contact with all three major credit bureaus and monitors each for any activity that might not show up on the others.

Tags: lifelock, University Healthcare Hospital

This entry was posted on Friday, June 13th, 2008 at 8:33 am and is filed under Corporate Breaches, Individuals. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.