A computer device belonging to UNC Dermatology & Skin Cancer Center in Chapel Hill, NC, has been stolen in a burglary, possibly exposing the protected health information of up to 24,000 patients of the clinic.
Thieves removed the computer from the premised on October 8, 2017. UNC Health Care said the stolen computer contained a database on that gathered the protected health information of patients who had previously been treated at the Burlington Dermatology Center at 1522 Vaughn Road. UNC Healthcare took over management of the clinic in September 2015, and private data relating to patients who had visited the center for treatment before that time was stored in the password-protected database.
It is possible that no PHI has been disclosed as the database requires a password to gain access to it. However as the database was not encrypted, patients are being told about of the potential privacy violation in order to comply with HIPAA and N.C. Identity Theft Act requirements.
Information such as names, addresses, phone numbers, dates of birth, Social Security numbers, and the employment status of patients and the names of employers at the time of their visit was contained on the database.
Though it may be possible that diagnosis codes were also held on the database, UNC Health Care does not believe details of diagnoses, treatments, and prescriptions have been put placed in danger.
An investigation has begun by law enforcement agencies, but the stolen computer has not been found so far.
As a precautionary measure all patients that had their private data compromised in the breach have been offered credit monitoring services for one year for free.
Patients of CCRM Minneapolis Warned About Ransomware Attack
A ransomware attack has targeted CCRM Minneapolis, P.C., potentially allowing the attackers to steal to the protected health information of almost 3,280 patients.
The cyberattack occurred on or around October 3, 2017. While data access and PHI theft are not thought likely, and no proof was found to suggest this was anything other than a theft attempt involving the encryption of data, CCRM Minneapolis reports that data stored on the accessed server may have been obtained illegally by individuals.