Quick Facts

• Date: 2/26/2010
• Institution: Santa Rosa Junior College
• Type of Incident: Unauthorized Disclosure
• Number Affected: 403
• Source: ESI
• Abstract Source: Press Democrat

Abstract
Santa Rosa Junior College is alerting applicants after an email containing personal information was mistakenly sent to applicants. The email, which was mistakenly included on an email to eight applicants requesting information verification, included a spreadsheet attachment containing the names, addresses, Social Security numbers, phone numbers, email addresses and grades on 403 SRJC nursing program applicants. SRJC notified the 403 individuals within 24 hours and the college asked the 8 individuals receiving the email to allow college staff to remove the email from their computers.

Quick Facts

• Date: 2/23/2010
• Institution: University of New Mexico, Health Sciences Center
• Type of Incident: Penetration
• Number Affected: 1,900
• Source: DataLoss DB
• Abstract Source: UNM Health Science Center

Abstract
The University of New Mexico Health Sciences Center recently notified patients after discovering malware on clinic computers. The infected computers, two stand alone machines in a small off-site clinic, contained records with names and other limited information on 1,900 patients treated at that clinic between 2007 and 2009. HSC discovered the problem after investigating an alert received by an external information technology security association. While the investigation did turn up the these two infected computers, there is no evidence of compromise on any other HSC system nor is there evidence that HSC was specifically targeted in the attack. In response to the potential exposure, HSC has taken the computer offline and secured the data. More information is available on the HSC Information Safeguards web site.

Quick Facts

• Date: 2/17/2010
• Institution: Southern Illinois University, Carbondale
• Type of Incident: Penetration
• Number Affected: 900
• Source: ESI
• Abstract Source: Daily Egyptian

Abstract
Southern Illinois University, Carbondale officials recently notified students after a breach of a computer containing sensitive information was discovered. The computer, which belonged to the Mathematics Department, contained the names and Social Security numbers of 900 students that took Math 113 five years prior. According SIUC officials, the information was exposed after a virus infected the older computer. Of the students affected, at least one has reported attempts of identity theft.

Quick Facts

• Date: 2/12/2010
• Institution: University of Texas Medical Branch
• Type of Incident: Employee Fraud
• Number Affected: 1,200
• Source: DataLoss DB
• Abstract Source: Galeston Daily News

Abstract
The University of Texas Medical Branch recently began notifying some patients about possible identity theft. The notifications were sent out after MedAssets, a billing company assisting UTMB with patient billing, notified UTMB officials that an employee with access to UTMB patient information had been charged with identity theft. All told, UTMB sent notifications to 1,200 patients whose personal information, Social Security numbers and insurance information may have been compromised. The employee was, arrested in Dallas, was implicated in an indentity theft investigation dealing with 40 cases and losses of $1 million. While MedAssets were notified of the arrest on December 15, UTMB was not notified until January 21.

Quick Facts

• Date: 2/11/2010
• Institution: University of Texas Medical Branch
• Type of Incidents: Employee Fraud
• Number Affected: 2,400 (updated)
• Source: PHIPrivacy.net
• Abstract Source: Houston Chronicle
• Update1 Source: Houston Chronicle
• Update2 Source: DataBreaches.Net

Abstract
The University of Texas Medical Branch is investigating if any patient data was stolen after officials were informed that an employee of a contractor was arrested for identity theft. The employee, Katina Rochelle Candick, was arrested and charged identity theft and is accused of using a stolen identity to gain employment at MedAssets, a company hired by UTMB to assist with billing. While none of the charges stem from Candick's access to UTMB data, the university contacted the individuals whose information Candick may have had access too. This information included names, address, Social Security Numbers and insurance information on 1,200 UTMB patients. In the letter, UTMB offers tips on monitoring credit reports as well as informs the individuals of identity theft protection being offered by MedAssets. UTMB no longer does business with MedAssets.

Update1
The University of Texas Medical Branch sent out an additional 1,200 notices regarding the risk of identity theft after police discovered personal information in possession a former MedAssets employee. In addition, at least 10 individuals previously notified have come forward to report they have been victimized by identity theft.

Update2
Katina Candick was sentenced to 15 years in federal prison and order to pay $163,185 in restitution after pleading guilty to charges of unlawful possession of fraudulent identification documents and conspiracy to commit identity theft in US District Court.