Statement from UC Irvine Medical Center:
June 17, 2015
On March 13, 2015, officials at UC Irvine Medical Center discovered that an employee, whose job required access to some patient records, had looked at additional records without a job-related purpose between June 2011 and March 2015.
As far as it is possible to determine, the employee did not access or electronically distribute Social Security numbers, driver’s licenses or state ID card numbers, or credit or debit card information.
However, the employee may have viewed some protected health information of our patients including names, dates of birth, gender, medical record numbers, height, weight, medical center account numbers, allergy information, home address, medical documentation, diagnoses, test orders and results, medications, employment status, and the names of patient’s health plans and employers.
The medical center is notifying affected patients and, recognizing the concern this type of event may cause, is offering one year of free credit monitoring and identity theft protection from ID Experts at no charge. Those patients were provided an ID Experts enrollment code and web link. Affected patients with questions may call 1-888-653-6036.
When the medical center discovered the breach, it took the following steps:
- Hired independent experts in computer forensics to analyze this employee’s hard drive and email account. Their investigation has found no evidence that this employee removed any patient information.
- Informed local law enforcement, which launched a criminal investigation that remains ongoing.
- Notified the California Department of Public Health in accordance with state law.
- Removed the employee’s access to medical center’s computer systems and imposed disciplinary action.
UC Irvine Medical Center sincerely regrets any inconvenience, stress, or worry this news may have caused our patients. Our goal is to ensure the privacy of patients’ personal information.
[…]
The Orange County Register reports that 4,859 patients were impacted.