The skin cancer center and the UNC dermatology located in Chapel Hill, NC used a computer and its information has been stolen. This incident exposed the information of 24,000 patients. During the robbery on 8th of October 2017, the thieves steal the computer of the company. According to UNC healthcare department, the stolen device contained the information of the patients who visited the dermatology center. UNC healthcare department checked the details of the patients who went to the healthcare center for the treatment before September 2017. The management kept the data in password protected files.
Since there was a password on the protected files, there is a possibility that the unauthorized people will not have access to the documents, showing that there is no data loss. Although, there is a possibility that the people may assume the password and get the information present in the files. For this, all the patients were notified for the potential breach to meet the N.C identity and HIPAA rules.
The affected database contained the information like the names, the phone numbers, the addresses, and the date of birth, SSN and the status of the patients who visited the center. There is a possibility that the database contained the codes of diagnosis rather than the complete information so they believe that the information about the treatment, prescription and the diagnosis have not been exposed yet.
The management reported the theft to the law enforcement and they started the investigation which is still under process. Even after reporting the theft, the stolen computer has not been recovered till now. All the victims of the data breach were offered for free data monitoring for 12 months as a compliment.
CCRM Minneapolis warned patients for the Ransomware attack
CCRM Minneapolis found the ransomware attack that helps the attackers to get access to the PHI of 3,280 individuals. The attack occurred on 3rd October 2017 and it has been great time when the management did not even heard any news for misuse of data. According to CCRM Minneapolis, found that the data on the server may be reviewed. The exposed data may include the names of the patients, addresses, phone numbers, and the dates of birth, license numbers, email addresses, SSN, medical records and insurance numbers.