Data Breach Puts Kidney Dialysis Patient Info at Risk

Lora Bentley

For those of us who tend to think that data breaches happen far away and to everyone else comes this reminder from the public radio station right here in IT Business Edge's hometown of Louisville, Ky.


WFPL News reports the University of Louisville has alerted roughly 700 patients in the university's kidney dialysis program that personal information, including their names and Social Security numbers, was briefly accessible outside of the program. University spokesman Mark Hebert explained the information was not password protected and was leaked to "the public domain on the Internet."


The dialysis program's website has since been shut down, and the university has offered to pay for a year of credit monitoring for the affected patients, the story says.


Fortunately, no instances of identity theft have yet been reported as a result of the breach. But no harm doesn't always mean no foul where data breach is concerned, especially since this one could have been prevented with just a password. The university could have saved itself the embarrassment - not to mention the cost of credit monitoring times 700 - by adding password protection.


What makes this particular breach an even better example of what to avoid is that it also put health information at risk. Now that the HITECH Act has added teeth to HIPAA's privacy and security enforcement provisions, health care organizations and their business associates are also responsible for protecting patients' personally identifiable health information.


If regulators were to look into this breach, I'm guessing it wouldn't sit well that this particular program wasn't even password protected.

Add Comment      Leave a comment on this blog post
Jun 4, 2010 10:46 AM Chris Chamberlain Chris Chamberlain  says:

I am one of these people and I have not been a patient - do they own my information forever to seek grants and make money from my personal info ? These are not just stats. When I called them today to ask questions it was a total different scenario that they told me from the news report. How will I know how this has or will effect me ?  I will get a credit report without their assistance. How can I report this so that it will be reviewed ?

Jul 5, 2010 9:58 AM kidney stones treatment kidney stones treatment  says:

That's scary. With just one mistake a patient's life could be in great danger. They need specialized people to do this job.

Feb 4, 2011 11:32 AM kidney stones treatment kidney stones treatment  says:

This is the big problem in many hospital, they are not technical people so they do not know how to protect patient's identity or even their own data....I hope they have updated their seucrity....


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.