Associated Press reports that the University of Connecticut has disclosed an insider breach. According to their report, an employee at the UConn Health Center inappropriately accessed personal information in the medical records of 164 patients. The school reportedly became aware of the privacy breach on Nov. 4, and has sent letters to all the affected patients.
Spokesperson Carolyn Pennington said the university had no evidence that the information had been “misused or misappropriated.” AP also reports:
The employee involved has been placed on administrative leave, Pennington said. There is no criminal investigation.
The health center has agreed to make a third-party credit monitoring service and identity theft insurance available to the patients at the university’s expense, she said.
As AP points out, this is the second such breach at the facility in the last year. Coverage of the previous breach can be found here.
Read more on NECN.
The university did not respond to an email inquiry sent earlier today asking whether this incident appeared to be (just) “snooping” – and if so, why those 164 patients, or if it appeared to be related to the federal investigation of UConn’s handling of sexual assault cases, or if it might be for tax refund fraud. Since subsequent reporting indicated no criminal investigation, I’d guess they’ve ruled out tax refund fraud or card fraud as a motive – at least for now. (SEE UPDATE, BELOW)
But what does it say that they’ve had two such insider breaches this year? Their statements for the two breaches do not indicate how they learned of the breaches. Did UConn Health detect the breaches themselves or did they have to be alerted to them by a patient or…? I would think that’s an important issue for them to be looking at.
UPDATE: UConn Health spokesperson Chris DeFrancesco informs PHIprivacy.net that the matter is still under investigation and no conclusions have been reached. The employee remains on administrative leave. Spokesperson Carolyn Pennington adds that the sexual assault allegations came from the Storrs campus. UConn Health is in Farmington, where the medical and dental schools and biomedical PhD graduates are located, along with John Dempsey Hospital. Great thanks to UConn Health for providing that clarification.