- University of Virginia investigates student SSN mistake
The University of Virginia’s Chief Operating Officer, Pat Hogan, will lead a task force to review the policies that led to 18,700 student social security numbers to be printed on the outside of health insurance enrollment fliers sent to their homes. The massive breach was cause by an automated mail merge program that accidentally pulled SSNs along with home address information, which was also forwarded to Aetna.
“We regret that this happened, and I want to assure you that the university is taking immediate steps to mitigate the situation and to prevent a recurrence,” UVA President Teresa A. Sullivan said in a statement. “The protection of personal information of students, faculty and staff is a top priority. “The university has worked over the past several years to make sure confidential information and data are as secure as possible, and we remain committed to this effort.”
UVA is starting to phase out the use of social security numbers as the primary identifier for its students, which may be a good idea now that 90% of its 21,000 students have had the information compromised. Affected students have been offered credit monitoring services.
Indiana hospital apologizes for PHI processing error
Clark Memorial Hospital in Jeffersonville, Indiana issued a statement apologizing for a third-party mailing company’s mistake that led to compromised personal health information for 1,087 patients. Billing statements for those patients were sent to the incorrect address, and included names, dates of service, billing information, insurance information, and financial status for each account. The hospital stresses that detailed clinical information, birth dates, and social security numbers were not included in the mailing from Mail Louisville, Inc.
“Clark Memorial Hospital deeply regrets that this occurred. Clark Memorial is committed to providing quality care and protecting PHI. Affected patients who have a valid address on file will be notified by letter in the coming days. The Hospital has worked with Mail Louisville for many years without incident and trust that they have taken, and will continue to take, the necessary steps to resolve this issue,” the statement says. The hospital has set up a call center to address concerns about the breach.