KTVN reports:
Some University Health System patients are being notified by letter that their information may possibly have been viewed without consent.
Here is the information we received in the Channel 2 Newsroom directly from the University of Nevada:
Computer equipment from a University Health System office in Reno was stolen on June 11 and, as a result, it is possible that personal information pertaining to some patients may have been viewed without consent.
A letter is being sent to individuals whose personal information may have been viewed, and that letter will describe the information. Letters will begin arriving in mailboxes as early as Saturday.
[…]
The patients for whom this has potential implications fall into two groups:
- Some patients of University Health System in northern Nevada are being notified by letter that their information which may possibly have been viewed includes names, addresses, birth dates, social security numbers and medical information. In an abundance of caution, the University is offering a year of credit monitoring service at no cost to these patients. A sample of the letter to these patients is attached.
- Additional patients of University Health System in northern and southern Nevada are being notified by letter that their information which may possibly have been viewed includes names and patient account numbers. Because we believe only names and patient account numbers were involved, we do not believe these individuals’ personal information is at risk. Letters are being sent to notify these individuals and suggest steps they can take as a precaution.
[…]
How is it an “abundance of caution” to offer free credit monitoring when so much sensitive information was stolen?
I’m not finding anything on their web site or on HHS’s site at the time of this posting.
This is very vague. How was the equipment stolen? Their priorities have been: secure the facility (lock the door after the horse is stolen), Notify those whose info may have been viewed (viewed? don’t they mean may be used to commit identity theft?, Group 2- could patient account numbers for seniors be SSNs on Medicare cards? Gee— maybe someone should think of that and let them know they are as much at risk as group one, explain why to these people. It irks me that they say there is little riek. Unless you know who has the information and why they took it – you don’t have a clue as to risk of harm. Maybe they are hiding the breach under the “little risk of harm clause” the HHS has and that is why it is not posted. All the more reason S139 should pass and require a company prove to a federal cycbercrime unit that there is no risk of harm.
I was with you up until you recommended S. 139. I don’t think that bill is strong enough.