UNC Health Care Breach Potentially Impacts 24,000 Patients

Thieves stole a computer used by UNC Dermatology & Skin Cancer Center in Chapel Hill, NC on October 8, 2017. The stolen computer’s database contained the protected health information of about 24,000 patients who visited the Burlington Dermatology Center located at 1522 Vaughn Road. UNC Healthcare took over Burlington Dermatology Center in September 2015 and retained all the patients’ PHI stored in the password-protected database.

Because a password is necessary to access the patient information in the database, most likely no PHI has been exposed. But, it is possible to guess the password and the patient data were not encrypted. So the patients were notified anyway of the potential data breach to follow the HIPAA Rule and N.C. Identity Theft Act.

The information contained in the database included the patients’ names, phone numbers, addresses, birthdates, Social Security numbers, names of employers and the patient’s employment status. The database might have contained patient diagnosis codes but it is very likely that information on diagnoses, prescriptions and treatments were not exposed.

UNC Health Care already notified law enforcement about the breach and an investigation is on the way. To date, the stolen computer has not been found yet. To protect patients from identity theft and fraud, UNC offered all patients impacted the by breach free 12-month credit monitoring services.

Another data breach was reported by CCRM Minneapolis, PC due to a ransomware attack, which potentially exposed the PHI of 3,280 patients. The ransomware attack happened on October 3, 2017. It was reported that data access and theft did not likely happen because the ransomware attack was merely an extortion attempt. The attackers demanded a ransom in exchange for the key of the encrypted data. Information that was potentially exposed included patients’ names, phone numbers, birthday dates, addresses, driver’s license, Social Security numbers, email addresses, medical records and insurance identification numbers.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA