Skip to content Skip to navigation

Cancer Center Reports Data Breach

June 29, 2012
by Gabriel Perna
| Reprints

The University of Texas MD Anderson Cancer Center, a Houston-based institution, has announced that a computer containing patient and research information was stolen from a physician's home on April 30. The computer contained patient information, including names, medical record numbers, treatment and/or research information, and, in some instances, Social Security numbers.

After learning of the theft on May 1, MD Anderson immediately said it began its investigation, including working with outside forensics experts, to determine the information contained on the computer. The physician reportedly notified the police immediately and MD Anderson says there is an ongoing criminal investigation into the theft.

According to the institution, MD Anderson worked with forensics experts to recreate the information that was on the stolen computer, and after analysis MD Anderson notified patients as soon as it was able. The hospital says it has no reason to believe that the computer was stolen for the information it contained, since other items were also stolen from the employee's home.

MD Anderson began mailing notification letters on June 28 to patients who may have been affected. It is offering credit monitoring services for those whose Social Security numbers were included in the data and providing call center support to all affected. More information can be found here.  The hospital says it has taken steps to help prevent this from happening in the future, including accelerating efforts to encrypt all MD Anderson computers.



Breaches are not inevitable – as signified by the HHS Safe Harbor from Breach Reporting

Unfortunately, the increasing interest in Breach Response Services indicates that a significant percentage of network owners believe that a Data Breach is inevitable. However, fortunately for healthcare organizations, HHS believes that installing appropriate safeguards provides deterministic results – a breach is very unlikely. The Department of Health and Human Services demonstrates their confidence by providing a HHS Safe Harbor if safeguards specified by the National Institute of Standards and Technology (NIST) are implemented. The cost is competitive with developing a Breach Response Plan.

I was honored to introduce this subject in the current issue of the Betterley report on page 13 which is free on the International Risk Management Institue web site,
Mac Brinton,


ONC National Coordinator Gets Live Look at Carequality Data Exchange

Officials from Carequality have stated that there are now more than 150,000 clinicians across 11,000 clinics and 500 hospitals live on its network. These participants are also able to share health data records with one another, regardless of technology vendor.

American Red Cross, Teladoc to Provide Telehealth Services to Disaster Victims

The American Red Cross announced a partnership with Teladoc to deliver remote medical care to communities in the United States that are significantly affected by disasters.

Report: The Business of Cybercrime in Healthcare is Growing

While stolen financial data still has a higher market value than stolen medical records, as financial data can be monetized faster, there are indications that there is ongoing development of a market for stolen medical data, according to an Intel Security McAfee Labs report.

Phishing Attack at Baystate Health Potentially Exposes Data of 13K Patients

A phishing scam at Baystate Health in Springfield, Mass. has potentially exposed the personal data of 13,000 patients, according to a privacy statement from the patient care organization and a report from MassLive.

New Use Cases Driving Growth in Health Data Exchange through Direct

In an update, DirectTrust reported significant growth in Direct exchange of health information and the number of trusted Direct addressed enabled to share personal health information (PHI) in the third quarter of 2016.

Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.