UP Medical Center
UPMC Mailers Displayed Social Security Numbers
Quick Facts
Abstract
University of Pittsburgh, Medical Center is apologizing to a patients after a recent security incident accidentally exposed Social Security numbers. In all, 6000 UPMC letters mailed to patients had the Social Security numbers visible through the window on the front of the envelope. According to UPMC officials, the Social Security numbers were part of a tracking code and not easily identifiable as unique SSNs. However, in a letter to the affected patients, UPMC is offering to pay for one year of credit monitoring service.
Another UPMC Presentation Containing Patient Information Found On Web
Quick Facts
- Date: 4/15/2007
- Institution: University of Pittsburgh Medical Center
- Type of Incident: Unauthorized Disclosure
- Number Affected: 8
- Source: Pogo Was Right
- Abstract Source: The Post-Gazette
Abstract
Following in the wake of the UPMC’s earlier patient information exposure, UPMC is announcing that a second set of patient records used in a 2002 presentation were found on the Web. These 8 records, including names, Social Security numbers, X-rays and other medical information, were included in the 2002 presentation that was archived by The Internet Archive in 2003 from the UPMC radiology web site. UPMC has since contacted The Internet Archive and requested the material be removed. However, as of Friday, April 14, the information was still available. UPMC is also contacting the 8 patients affected by this incident and offering to pay for one year of credit monitoring service.
(Special thanks to Dissent of Pogo Was Right for letting me know we missed this story)
UPMC Patient Information Placed on Web, Removed and Placed on Web Again
Quick Facts
- Date: 4/12/07
- Institution: University of Pittsburg Medical Center
- Type of Incident: Unauthorized Disclosure
- Number Affected: 80
- Source: Pogo Was Right
- Abstract Source: Pittsburg Tribune-Review
Abstract
The University of Pittsburg Medical Center is working to determine how patient information was placed on a publicly accessable web page. The information on 80 UPMC patients contained names, Social Security numbers and radiology images. This information was first used in a 2002 medical symposium and placed on an internal web site where medical faculty share work and information. In 2005 this information ended up on the UPMC public radiology web site, but was quickly removed. However, for some reason this same information was once again posted to a public UPMC web site. While UPMC officials work to determine how this unauthorized disclosure came to be, all affected patients have been notified of the incident and UPMC has offered to pay for credit monitoring services with any of the major credit bureaus.
