Computer containing patient data stolen from UCSF employee’s car

Cindy Chew/2007 S.F Examiner file photoUCSF could be facing hefty fines after a worker’s laptop was stolen in September.

An unencrypted laptop containing the medical and personal data of more than 3,500 UC San Francisco patients was stolen from an employee’s car in September.

The theft, which could cost the university hundreds of thousands of dollars in fines, is just the latest in a series of IT security breaches in recent years that has cost the institution millions and prompted an effort to stanch such incidents.

UCSF learned Sept. 10 that the laptop was stolen from a locked car Sept. 9. The computer belonged to a Medical Center employee who works in the Division of Transplantation, according to the school. The name of the employee was not released.

The 3,541 patients impacted by the theft were notified via letter last week that some of their medical data was on the laptop. The data include names, dates of birth, some health information and medical record numbers. In some cases, the information included Social Security numbers.

Paper documents containing medical data of 31 patients also were taken.

Thus far, there has been no indication anyone tried to use the information, according to UCSF.

The letter, which the university was required to file with the state Attorney General’s Office, also gave patients a number to a special hotline set up to assist them and a year of free credit monitoring. UCSF also reported the incident to the California Department of Public Health and federal authorities.

The state health department started an investigation into the incident Thursday. In addition to fines related to losing the data, UCSF may face fines for failing to report the security breach within five business days, according to the agency.

UCSF did not determine specifically what kind of information was on the computer until Sept. 25, according to the notification letter.

In the past few years, a handful of similar security breaches have occurred at UCSF.

Most recently, in 2010 another laptop was stolen from an employee. It contained data from 4,310 patients. In 2009, a phishing scam gave hackers access to the medical data of 600 patients. In 2008, another security breach occurred involving information for 2,625 patients. And in 2007, university IT teams caught a hacker in the act.

In March 2012, UCSF launched the IT Security Awareness Campaign to try to prevent such incidents. At the time, UCSF’s chief information security officer, David Rusting, said that since 2005, information security and privacy breaches had cost more than $20 million.

October is National Cyber Security Awareness Month.Bay Area NewsUCSFUCSF security breach

If you find our journalism valuable and relevant, please consider joining our Examiner membership program.
Find out more at www.sfexaminer.com/join/

Just Posted

President Donald Trump and Democratic presidential nominee Joe Biden have taken different approaches to transit and infrastructure funding. <ins>(Yuri Gripas/Abaca Press/TNS)</ins>
Bay Area transit has big hopes for a Biden administration

The best chance for local agencies to get relief may be a change in federal leadership

BART Ambassadors are being called on to assist riders in social situations that don’t require police force. <ins>(Kevin N. Hume/S.F. Examiner)</ins>
Unarmed BART ambassadors program formalized with a focus on community service

Public safety and police reform are key elements in campaigns of Board members Dufty and Simon

San Francisco DJ and producer Jah Yzer livestreams most mornings from his home. (Kevin N. Hume/S.F. Examiner)
Roots & Tings build community through music

Lateef the Truthspeaker, Jah Yzer and Winstrong call for voting as a form of healing

On Oct. 13, people lined up to vote early for the presidential election in Southlake, Texas. <ins>(Shutterstock)</ins>
<ins></ins>
Five things to watch for in the run-up to Nov. 3

Down-ballot races, as much as the presidency, will determine the future course of this nation

WeChat (Shutterstock)
U.S. District Court denies Trump request to shutdown WeChat app

A federal judge in San Francisco denied a request by the U.S.… Continue reading

Most Read