A security breach exposing the data of over 1,200 patients has recently been disclosed by the University of Miami. The Miller School of Medicine patient data was stolen back in November 2011, together with a flash drive, when someone broke into a pathologist’s car and took the briefcase where the portable device was stored.

The flash drive contained details such as age, sex, diagnosis and treatment information for patients treated from 2005 to 2011, the University of Miami disclosed in a press release. No financial information or Social Security numbers had been stored on the drive, according to the same press release.

Following federal law, UM is informing the patients involved, according to the press release, but “there is no indication that the information was accessed or misused in any way.”

The university promised to review and revise its physical and digital security policies to make sure patient data is safely stored and privacy is ensured. However, this is not the first incident they have had to deal with. Back in 2008, computer tapes with confidential information on 2.1 million patients was taken by a thief from a van transporting them. So when it comes to patient data kept in cars, the University of Miami has not changed anything in the past three years, but we can hope they will do better than empty promises next time.

Till the next data breach, we can surely hope so!

After analyzing the couple of dozens of breaches that made it to the security news pages last week, we concluded hackers going wild on websites and stolen hardware, particularly laptops, were the most frequent causes for data loss last week. The Citigroup breach did take center stage, as it turned out they downplayed the number of exposed accounts a little. By a little we mean they almost cut them in half! The originally disclosed 200,000 turned out to be 360,000. Just a minor overlook, I’m sure.

But the Citigroup situation was far from feeling lonely last week. Here are part of the security fails caused by successful hacking attempts and lost hardware:

Hackers breaching security

Workspace reported a hack that breached its legacy platform and exposed client data.

Hackers also breached WriterSpace.com, accessed 12,000 members’ email addresses and then posted them online for everyone to see.

BioWare also dealt with a hacker breaching their security. The result was 18,000 user account names, passwords, email addresses, and birth dates being exposed.

Stolen Hardware Exposing Data

Area Agency on Aging, Inc. reported one of its laptops having been stolen. Said notebook contained 43,000 consumers’ health information and 35,000 personal representatives’ contact information.

Harrisburg Project also had a laptop taken from a van. It contained records or 7,841 students and 2,613 staff members, including Social Security numbers, student ID numbers and teaching certificate numbers.

A teacher at the Surbiton Children’s Centre Nursery had their bag stolen. With it, a flash drive was also taken, which stored 21 students’ educational information. At least the numbers of affected parties are lower in this case!

As a new week begins, I wholeheartedly wish you a safe journey! Remember to encrypt data to prevent such incidents and to use the proper data loss prevention and endpoint security solutions to be protected!.

Although there are measures than can be taken to prevent data breaches caused by employees and to involve the personnel more into avoiding such occurrences, there are a lot of security mishaps caused by the loss, theft or misplacing of company hardware by staffers. Laptops, hard drives, USB stick  and other storage devices are being lost or stolen on a daily basis, exposing the private data of thousands of people to identity theft or fraud, and many of them occur in the health sector.

For example, a computer that may contain information on 20,000 Reid Hospital patients was stolen from a hospital employee home office at the beginning of last month.The computer contained some Medicaid and Medicare files for patients who received services between 1999 to 2008.

Also, the Alberta Health Services have recently been informed by Dr. R. Burnham and the Associates Medical Clinic in Lacombe that a portable hard drive, containing copies of about 1,000 Alberta Health Services’ Central Alberta Pain & Rehabilitation Institute (CAPRI) client records.was recently stolen. No evidence of that data being used has surfaced so far, but the threat is still very real.

Shands HealthCare has recently announced about 12,500 of their patients that their private medical data has been stolen in January, along with the laptop that contained the personal details. As it almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.

The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to know, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…

At least some measures have been taken: training for the employees and system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, eligible for 12 months of free credit monitoring.

Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are some what of a recurring habit at Shands.

AvMed Health Plans is currently dealing with a prominent data breach after having two company laptops stolen from their corporate offices in Gainesville in early December. The theft could compromise personal information of over 200,000 current and former subscribers, as well as their dependents, said a company announcement quoted by Gainesville.com.

The two laptops contained details such as names, addresses, phone numbers, Social Security numbers and protected health information. Yet the company states that the risk of identity theft is very low, as data was listed in a random way, regardless of the fact that, 12 days after the incident, AvMed discovered the data on one of the two laptops was not properly encrypted.

AvMed states there were no reports of identity theft up to now, but they will only have a clearer view on the situation after their members start registering for identity protection, service provided by the company for free for the next 24 months.

In the second half of November, Starbucks disclosed a security breach that had occured a month earlier. A company laptop went missing and was thought to be stolen. It contained private details of 97,000 employees from accross he USA.

The data loss was announced through a memo posted on Starbucksgossip.com and was later confirmed by Starbucks officials. The memo also recommended those affected to monitor their financial accounts and look or any suspicios activities, as well as take all the necesary steps to prevent misusage of the lost records.

According to Seattlepi.com, this isn’t the first laptop containing company information stolen from Starbucks. In 2006, the company discovered it had misplaced 4 out-of-use laptops containing the names, addresses and Social Security numbers of 50,000 former and 10,000 then-current employees. One would expect enhanced security after such an incident.