Data Breach Watch has written extensively about the problems and risks associated with university data breaches, and the recent healthcare breach at U. of Miss Medical Center drives home the point. The university healthcare system informed an “unknown” number of patients who visited the hospital between 2008 and 2013 that their medical records may have been compromised. We will eventually know the numbers behind the HIPAA security and privacy breach when it hits HHS, but regardless of the total, the situation isn’t ideal. Trying to inform patients from 5 years ago is going to be a challenge for any data breach response team. How many times have you moved in the last 5 years? What about college students, who are going to be a key demographic visiting a university medical center?
On Jan. 22, UMMC officials were notified that a password-protected laptop was missing. The laptop was a shared device, used by UMMC clinicians working in a non-public, patient-care area.
The laptop may have contained health and personal information of adult patients seen at UMMC between 2008 and January 2013. The information potentially included names, addresses, dates of birth, Social Security Numbers, diagnoses, medications, treatments and other clinical information.
On learning the laptop was missing, UMMC officials took action to secure the information. Despite efforts to locate the laptop, it has not yet been recovered.
This situation could have been avoided with a simple IT Security Risk Assessment, which would have raised a red flag about the lack of encryption.
For more information you can visit the privacy notice: NOTICE: BREACH OF PATIENT HEALTH AND PERSONAL INFORMATION