Quick Facts

• Date: 1/27/2010
• Institution: University of California, San Francisco
• Type of Incident: Theft
• Number Affected: 4,400
• Source: ESI
• Abstract Source: San Francisco Business Times

Abstract
The University of California, San Francisco recently announced the recovery of a stolen laptop containing patient information. The laptop, stolen from the UCSF School of Medicine employee around November 30th, contained the name, medical record number, age and clinical information on 4,400 patients. The UCSF police department began investigating the theft on December 1st and the laptop was recovered on January 8th. A review of the laptop determined the files contained "limited data" on UCSF Medial Center patients as well as some information on Beth Israel Deaconess Medical Center. UCSF has setup a hot line - 877-809-1270 x74005 - to help answer questions about the incident.

Quick Facts

• Date: 12/15/2009
• Institution: University of California, San Francisco
• Type of Incident: Penetration
• Number Affected: 600
• Source: PHIPrivacy.net
• Abstract Source: San Francisco Business Times

Abstract
The University of California, San Francisco has alerted patients after a physician's email account was compromised. The email account contained demographic and clinical information as well as some Social Security numbers on 600 patients. The email account became compromised in mid-October after the physician fell victim to a phishing scam. Accordign to UCSF news director Corinna Kaarlela, these 600 individuals were notified staring October 21 and December 11, 2009 which is the period during with the university conducted an in-depth investigation into the incident. While the investigation uncovered no indication the emails were accessed, individuals potentially affected were urged to carefully review statement from health insurers for suspicious payments and immediately report any discrepancies to their insurance provider.

Quick Facts

• Date: 5/29/2008
• Institution: University of California, San Francisco
• Type of Incident: Penetration
• Number Affected: 3,569
• Source: Attrition.org
• Abstract Source: UCSF News Office

Abstract
The University of California, San Francisco is currently alerting a number of patients that their information may have been accessed by an unknown individual. In January 2008, UCSF noticed odd traffic coming from a computer in January and an investigation turned up that an unknown individual installed an unauthorized file sharing program on the computer. This computer also contained the names, Social Security numbers, dates of pathology service and health information of 2,625 UCSF patients and 944 patients whose tissue samples were used by the department. While there is no evidence the patient files were accessed, UCSF takes this incident and patient confidentiality very seriously. The university has created a hotline - 415-353-7427 - and e-mail address - PathHotline@ucsf.edu - to help answer any questions affected individuals might have.

Quick Facts

• Date: 5/2/2008
• Institution: University of California, San Francisco
• Type of Incident: Unauthorized Disclosure
• Number Affected: 6,313
• Source: ESI
• Abstract Source: San Francisco Chronicle

Abstract
The University of California, San Francisco is alerting patients after personal patient information connected with the university was found online. In October of 2007, UCSF became aware that patient information the university had shared with Target America Inc. to help identify potential donors was available online. The information available included the names, addresses, names of departments where patient received care and in some cases patient medical record numbers and physicians providing care on 6,313 UCSF patients. UCSF took immediate action to remove public access to the data once it was aware of the incident. In addition, UCSF ended the business agreement it had with Trade America shortly after the incident was discovered. UCSF is mailed notification letters to the affected patients in April. It is not known why UCSF waited so long to notify patients about the exposure.

Quick Facts

• Date: 4/18/2007
• Institution: University of California, San Francisco
• Type of Incident: Theft
• Number Affected: 3,000
• Source: Attrition.org
• Abstract Source: UCSF News Office

Abstract
University of California, San Francisco mailed out letters to 3,000 individuals after the theft of a computer server from a locked UCSF office on March 30. The server was used as part of a UCSF cancer research study aimed at learning the natural course of the disease to help improve early diagnosis, effective treatment and prevent reoccurrence. Contained on this computer were names, contact information, Social Security numbers and some personal health information on current and potential study subjects. While there is nothing about this theft to suggest that patient information was the target, UCSF sent out the notifications as a precaution. In addition, UCSF has created a web site - http://www.ucsf.edu/alert - and a telephone hotline – 866-485-8777 – to help answer any questions individuals might have. The UCSF Police Department is working with the San Francisco Police Department to investigate the theft.