http://www.sltrib.com/ci_9540210
By Melinda Rogers
The Salt Lake Tribune
06/11/2008
University of Utah Hospital and Clinics patients are bracing for the
unknown as police and prosecutors investigate the theft of 2.2 million
billing records filled with personal information.
Authorities say the records, stolen out of a courier's personal vehicle
earlier this month, put the private data of patients from the past 16
years at risk.
Tuesday's news was especially unsettling for people like Will Taylor, of
West Valley City, whose premature daughter is a patient at University
Hospital. Taylor has already been the victim of identity theft once,
when thieves racked up credit card charges in his name.
Even so, he was not panicking yet.
"I will ask [the hospital] what precautions I can take and what they are
doing about it," he said.
Measures so far include offering free credit monitoring services for at
least 1.3 million patients whose Social Security numbers were
compromised, and a $1,000 reward for the return of the tapes - no
questions asked.
Salt Lake County Sheriff Jim Winder and Lorris Betz, a senior vice
president for health sciences for University Health Care, say the stolen
records were on backup tapes designed to safeguard the records in case
materials housed in the hospitals and clinics were destroyed.
The tapes were taken from the vehicle of an employee of Sandy-based
Perpetual Storage Inc. near the employee's Kearns home on June 2.
The employee had been assigned to pick up the tapes in a secure company
van and transport them to an off-site vault, said James Nowa, a vice
president for sales and marketing for Perpetual Storage. He violated
company policy by taking them home and leaving them in his car.
A thief then broke into the employee's vehicle near 5200 South and 5000
West, stealing a metal box holding the tapes, Winder said.
Nowa said the 18-year veteran employee has been fired, and the incident
is the first of its kind he knows of in the company's 40-year history.
An investigation is ongoing, but the theft appears to be the work of
inexperienced criminals who likely believed the metal box containing the
tapes was filled with cash, said Winder. After collaborating with the
FBI, Winder said it's unlikely the tapes were stolen to commit identity
theft.
There's no evidence any of the information on the tapes has been
accessed; besides, anyone trying to use the tapes would need specialized
equipment to view the contents, Winder said.
But there are also no guarantees.
"If our information isn't safe, then what is?" patient Dan Christenson,
of Salt Lake City, said Tuesday after learning of the theft.
Christenson regularly monitors his credit and bank accounts online. He
said he now will check those reports more frequently.
Melodie Rydalch, spokeswoman for the U.S. Attorney's Office, said the
FBI and the Utah Identity Task Force, which includes local and county
law enforcement agencies, is investigating the thefts. She warned of
federal penalties for anyone who uses stolen identities.
Betz said the university delayed releasing news of the security breach
to the public until the sheriff's office had completed an initial
investigation.
"We understand this is unwelcome news to our patients," said Betz.
The university had worked with Perpetual Storage for 12 years before the
theft but suspended deliveries after the incident, Betz said. An
assessment of university data security policies and procedures is under
way, he said.
* Tribune reporters PAMELA MANSON and CARLOS MAYORGA contributed to this
report.
-=-
Keeping an eye on your credit, warding off ID theft
* Free credit monitoring services will be provided for patients
whose social security number was compromised. Information on the
services will be included in a letter to patients.
* Consumers can lock their credit lines by contacting the nation's
three credit bureaus individually (http://www.transunion.com,
http://www.experian.com, http://www.equifax.com). The precaution
means anytime you apply for a mortgage, car loan, credit card,
department store account or any other type of credit, you will
have to confirm your identity and unlock your credit report.
* The Utah Attorney General's Office sponsors the Identity Theft
Reporting Information System to assist victims of identity theft
at www.idtheft.utah.gov.
* A $1,000 reward is being offered for the return of the stolen
tapes - no questions asked. Call the Salt Lake County Sheriff's
Office at 801-743-7000.
-=-
What's missing and how to get help
* Stolen patient information can include driver license numbers,
birth dates, physicians' names, insurance providers and procedure
codes designed for billing purposes. Social Security numbers were
also listed for 1.3 million patients. Credit card information was
not in the stolen records.
* A Web site has been set up to answer questions related to the
theft, http://healthcare.utah.edu/billingrecordstheft; or call
the help line, 866-581-3599. Patients will receive notification
and additional information by mail if their records were
compromised.
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed Jun 11 2008 - 01:08:35 PDT