http://www.sltrib.com/ci_9540210 By Melinda Rogers The Salt Lake Tribune 06/11/2008 University of Utah Hospital and Clinics patients are bracing for the unknown as police and prosecutors investigate the theft of 2.2 million billing records filled with personal information. Authorities say the records, stolen out of a courier's personal vehicle earlier this month, put the private data of patients from the past 16 years at risk. Tuesday's news was especially unsettling for people like Will Taylor, of West Valley City, whose premature daughter is a patient at University Hospital. Taylor has already been the victim of identity theft once, when thieves racked up credit card charges in his name. Even so, he was not panicking yet. "I will ask [the hospital] what precautions I can take and what they are doing about it," he said. Measures so far include offering free credit monitoring services for at least 1.3 million patients whose Social Security numbers were compromised, and a $1,000 reward for the return of the tapes - no questions asked. Salt Lake County Sheriff Jim Winder and Lorris Betz, a senior vice president for health sciences for University Health Care, say the stolen records were on backup tapes designed to safeguard the records in case materials housed in the hospitals and clinics were destroyed. The tapes were taken from the vehicle of an employee of Sandy-based Perpetual Storage Inc. near the employee's Kearns home on June 2. The employee had been assigned to pick up the tapes in a secure company van and transport them to an off-site vault, said James Nowa, a vice president for sales and marketing for Perpetual Storage. He violated company policy by taking them home and leaving them in his car. A thief then broke into the employee's vehicle near 5200 South and 5000 West, stealing a metal box holding the tapes, Winder said. Nowa said the 18-year veteran employee has been fired, and the incident is the first of its kind he knows of in the company's 40-year history. An investigation is ongoing, but the theft appears to be the work of inexperienced criminals who likely believed the metal box containing the tapes was filled with cash, said Winder. After collaborating with the FBI, Winder said it's unlikely the tapes were stolen to commit identity theft. There's no evidence any of the information on the tapes has been accessed; besides, anyone trying to use the tapes would need specialized equipment to view the contents, Winder said. But there are also no guarantees. "If our information isn't safe, then what is?" patient Dan Christenson, of Salt Lake City, said Tuesday after learning of the theft. Christenson regularly monitors his credit and bank accounts online. He said he now will check those reports more frequently. Melodie Rydalch, spokeswoman for the U.S. Attorney's Office, said the FBI and the Utah Identity Task Force, which includes local and county law enforcement agencies, is investigating the thefts. She warned of federal penalties for anyone who uses stolen identities. Betz said the university delayed releasing news of the security breach to the public until the sheriff's office had completed an initial investigation. "We understand this is unwelcome news to our patients," said Betz. The university had worked with Perpetual Storage for 12 years before the theft but suspended deliveries after the incident, Betz said. An assessment of university data security policies and procedures is under way, he said. * Tribune reporters PAMELA MANSON and CARLOS MAYORGA contributed to this report. -=- Keeping an eye on your credit, warding off ID theft * Free credit monitoring services will be provided for patients whose social security number was compromised. Information on the services will be included in a letter to patients. * Consumers can lock their credit lines by contacting the nation's three credit bureaus individually (http://www.transunion.com, http://www.experian.com, http://www.equifax.com). The precaution means anytime you apply for a mortgage, car loan, credit card, department store account or any other type of credit, you will have to confirm your identity and unlock your credit report. * The Utah Attorney General's Office sponsors the Identity Theft Reporting Information System to assist victims of identity theft at www.idtheft.utah.gov. * A $1,000 reward is being offered for the return of the stolen tapes - no questions asked. Call the Salt Lake County Sheriff's Office at 801-743-7000. -=- What's missing and how to get help * Stolen patient information can include driver license numbers, birth dates, physicians' names, insurance providers and procedure codes designed for billing purposes. Social Security numbers were also listed for 1.3 million patients. Credit card information was not in the stolen records. * A Web site has been set up to answer questions related to the theft, http://healthcare.utah.edu/billingrecordstheft; or call the help line, 866-581-3599. Patients will receive notification and additional information by mail if their records were compromised. _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed Jun 11 2008 - 01:08:35 PDT