Cancer Center Reports Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Cancer Center Reports Data Breach

June 29, 2012
by Gabriel Perna
| Reprints

The University of Texas MD Anderson Cancer Center, a Houston-based institution, has announced that a computer containing patient and research information was stolen from a physician's home on April 30. The computer contained patient information, including names, medical record numbers, treatment and/or research information, and, in some instances, Social Security numbers.

After learning of the theft on May 1, MD Anderson immediately said it began its investigation, including working with outside forensics experts, to determine the information contained on the computer. The physician reportedly notified the police immediately and MD Anderson says there is an ongoing criminal investigation into the theft.

According to the institution, MD Anderson worked with forensics experts to recreate the information that was on the stolen computer, and after analysis MD Anderson notified patients as soon as it was able. The hospital says it has no reason to believe that the computer was stolen for the information it contained, since other items were also stolen from the employee's home.

MD Anderson began mailing notification letters on June 28 to patients who may have been affected. It is offering credit monitoring services for those whose Social Security numbers were included in the data and providing call center support to all affected. More information can be found here.  The hospital says it has taken steps to help prevent this from happening in the future, including accelerating efforts to encrypt all MD Anderson computers.

Topics

Comments

Breaches are not inevitable – as signified by the HHS Safe Harbor from Breach Reporting

Unfortunately, the increasing interest in Breach Response Services indicates that a significant percentage of network owners believe that a Data Breach is inevitable. However, fortunately for healthcare organizations, HHS believes that installing appropriate safeguards provides deterministic results – a breach is very unlikely. The Department of Health and Human Services demonstrates their confidence by providing a HHS Safe Harbor if safeguards specified by the National Institute of Standards and Technology (NIST) are implemented. The cost is competitive with developing a Breach Response Plan.

I was honored to introduce this subject in the current issue of the Betterley report on page 13 which is free on the International Risk Management Institue web site, http://www.irmi.com/online/betterley-report/cyber-privacy-media-liability-summary.pdf
Mac Brinton, mbrinton@infogard.com

News

Community Data Sharing: Eight Recommendations From San Diego

A learning guide focuses on San Diego’s experience in building a community health information exchange and the realities of embarking on a broad community collaboration to achieve better data sharing.

HealthlinkNY’s Galanis to Step Down as CEO

Christina Galanis, who has served as president and CEO of HealthlinkNY for the past 13 years, will leave her position at the end of the year.

Email-Related Cyber Attacks a Top Concern for Providers

U.S. healthcare providers overwhelmingly rank email as the top source of a potential data breach, according to new research from email and data security company Mimecast and conducted by HIMSS Analytics.

Former Health IT Head in San Diego County Charged with Defrauding Provider out of $800K

The ex-health IT director at North County Health Services, a San Diego County-based healthcare service provider, has been charged with spearheading fraudulent operations that cost the organization $800,000.

Allscripts Touts 1 Billion API Shares in 2017

Officials from Chicago-based health IT vendor Allscripts have attested that the company has reached a new milestone— one billion application programming interface (API) data exchange transactions in 2017.

Dignity Health, CHI Merging to Form New Catholic Health System

Catholic Health Initiatives (CHI), based in Englewood, Colorado, and San Francisco-based Dignity Health officially announced they are merging and have signed a definitive agreement to combine ministries and create a new, nonprofit Catholic health system.