UNC Health Care Breach Possibly Affects 24,000 Patients

A laptop utilized by UNC Dermatology & Skin Cancer Center in Chapel Hill, NC, has been stolen, disclosing the PHI of roughly 24,000 patients.

The laptop was stolen by crooks during a robbery on October 8, 2017. UNC Health Treatment stated a file on the stolen laptop had the PHI of sick persons who had earlier paid a visit to the Burlington Dermatology Center. UNC Healthcare started the practice during September 2015, as well as particulars of sick persons who had paid a visit to the center for a cure before September 2015 were saved in the password-protected databank.

As the databank needs a password to gain access to patient info, it’s probable that no PHI has been disclosed. Nevertheless, as passwords can be predicted, and the databank wasn’t encrypted, patients are being alerted of the possible secrecy breach to meet HIPAA as well as N.C. Identity Theft Act needs.

The databank had info like names, phone numbers, addresses, Social Security numbers, dates of birth, and the service standing of patients as well as the names of companies at the time of their visit. Although it’s possible that analysis codes were also there in the databank, UNC Health Care doesn’t think details of treatments, diagnoses, and medicines have been disclosed.

The theft has been informed to police and an inquiry is continuing, however, the stolen laptop hasn’t yet been regained.

As a protection against identity thievery and scam, all patients affected by the breach have been provided credit checking facilities for 12 months free of charge.

CCRM Minneapolis Warns Patients of Ransomware Attack

CCRM Minneapolis, P.C., has faced a ransomware attack that has possibly let the assailants gain access to the PHI of 3,280 patients.

The attack happened on or around October 3, 2017. Although data access, as well as PHI thievery, are not doubted, and no proof was disclosed to indicate this was anything except a blackmail attempt concerning the encryption of files, CCRM Minneapolis informs that files stored on the undermined server might have been seen.

Data possibly disclosed includes names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, driver’s license numbers, medical files, as well as insurance identification numbers.