Educational Security Incidents (ESI)

Quick Facts

• Date: 9/8/2008
• Institution: University of Pittsburgh
• Type of Incident: Theft
• Number Affected: Unknown
• Source: ESI
• Abstract Source: Pittsburgh Tribune-Review

Abstract
The University of Pittsburgh is currently investigating the theft of a laptop containing alumni data. The laptop, stolen from the university's College of Business Administration on August 11, contained the names and Social Security numbers of an unknown number of alumni. The university sent out letters to the affected alumni on August 27. According to university officials, the information, placed on the laptop as part of a survey of undergraduate business school alumni, was stored against university policy. University officials declined to say if the employee responsible for storing the information on the laptop would face any disciplinary actions.

Quick Facts

Quick Facts

• Date: 4/15/2007
• Institution: University of Pittsburgh Medical Center
• Type of Incident: Unauthorized Disclosure
• Number Affected: 8
• Source: Pogo Was Right
• Abstract Source: The Post-Gazette

Abstract
Following in the wake of the UPMC’s earlier patient information exposure, UPMC is announcing that a second set of patient records used in a 2002 presentation were found on the Web. These 8 records, including names, Social Security numbers, X-rays and other medical information, were included in the 2002 presentation that was archived by The Internet Archive in 2003 from the UPMC radiology web site. UPMC has since contacted The Internet Archive and requested the material be removed. However, as of Friday, April 14, the information was still available. UPMC is also contacting the 8 patients affected by this incident and offering to pay for one year of credit monitoring service.

(Special thanks to Dissent of Pogo Was Right for letting me know we missed this story)

Quick Facts

• Date: 4/12/07
• Institution: University of Pittsburg Medical Center
• Type of Incident: Unauthorized Disclosure
• Number Affected: 80
• Source: Pogo Was Right
• Abstract Source: Pittsburg Tribune-Review

Abstract
The University of Pittsburg Medical Center is working to determine how patient information was placed on a publicly accessable web page. The information on 80 UPMC patients contained names, Social Security numbers and radiology images. This information was first used in a 2002 medical symposium and placed on an internal web site where medical faculty share work and information. In 2005 this information ended up on the UPMC public radiology web site, but was quickly removed. However, for some reason this same information was once again posted to a public UPMC web site. While UPMC officials work to determine how this unauthorized disclosure came to be, all affected patients have been notified of the incident and UPMC has offered to pay for credit monitoring services with any of the major credit bureaus.

Quick Facts

• Date: 1/1/2006
• Institution: University of Pittsburgh
• Type of Incident: Theft
• Number Affected: 700
• Source: Privacy Rights Clearinghouse
• Abstract Source: Pittsburgh Post Gazette

Abstract

In December, six computers were stolen from the University of Pittsburgh Medical Center's (UPMC) Squirrel Hill Family Medince office. These computer contained names, Social Security Numbers and birthdates on as many as 700 patients. The University was quick to point out that the data compromised was "not information about health care, not information about their medical conditions". In a letter sent on December 20, UPMC notified the patitents of the breakin and offered to help