DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Two University of Miami Hospital employees found stealing patient data (updated)

Posted on September 7, 2012 by Dissent

Yet another incident involving the theft of patient data in Florida by employees has been disclosed.

In a letter to those affected, the University of Miami Health System writes:

Based on information provided by law enforcement on July 18, 2012, the University of Miami Health System conducted an investigation that revealed that two University of Miami Hospital employees were inappropriately accessing patient information, specifically registration “face sheets,” and may have sold them. These two employees were terminated immediately. The University of Miami Health System delayed public notice at the request of law enforcement to avoid hindering the criminal investigation.

Face sheets contain basic identifying information, including name, address, date of birth, insurance policy numbers, and the reason for the visit. While social security numbers are masked to display only the last four digits, some health insurance plans, such as Medicare and Medicaid, continue to use social security numbers as insurance policy numbers, which are included on the face sheet.

In an abundance of caution, we are notifying patients who may have been seen at University of Miami Hospital between October 2010 and July 2012.

A corresponding FAQ on the incident explains:

Based on information provided by law enforcement, the University of Miami Health System conducted an investigation into the activity of two University of Miami Hospital employees. The investigation revealed that these two individuals were inappropriately accessing patient information from registration “face sheets” and may have sold the information to a third party. Once discovered, these two employees were terminated immediately.

We have no indication that medical records are at risk. At the University of Miami Health System we take the privacy and security of our patients’ information very seriously. We continue to review and refine our physical and electronic safeguards to enhance protection of patient data and remain committed to cooperating with law enforcement as they continue their investigation.

What Information Is Included On The Face Sheets?

Face sheets are patient registration related documents that contain basic identifying information, including name, address, date of birth and insurance policy numbers, as well as the reason and service area for the visit. While the social security number field was masked to display only the last four digits, some health insurance plans, such as Medicare and Medicaid, continue to use social security numbers as insurance policy numbers. Such information was included on the face sheets. Face sheets do not contain test results or other patient health care or financial information. We have no indication that medical records are at risk.

The incident was first reported in the media by the Miami Herald.

So once again a hospital does not discover insider wrong-doing and has to be told by outside sources.

I wonder if this operation is related to the patient data thefts at Florida Hospital and Memorial Healthcare System that were recently disclosed. There certainly has been a lot of patient data stolen in Florida and the number of disclosures within the past few months is curious, to say the least.

But what is HHS and/or the State of Florida going to do about all these breaches to require better security and access controls or auditing? Something needs to be done.

Update: The University of Miami subsequently informed HHS that they notified 64, 846 patients of this breach.

Category: Health Data

Post navigation

← Guild Wars 2 officials say ongoing password attack affects 11,000 accounts
Pakistani Forums Hacked. Data leaked by @0x00x00 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.