UAB Medicine Data Breach Potentially Exposed 652 Patients’ PHI

The UAB Medicine Viral Hepatitis Clinic in Birmingham, AL reported a breach of 652 patients’ protected health information due to two missing data flash drives. UAB Medicine stores data from its Fibroscan machine in flash drives before transferring the data to a computer. Two flash drives containing limited PHI of 652 patients went missing on October 25, 2017.

The information contained in the portable storage devices included the patients’ first and last names, birth dates, gender, test result images and numbers, medical diagnosis, examination dates and times and names of referring physician. The devices did not contain Social Security numbers, insurance details, addresses, phone numbers or any financial information.

Viral Hepatitis Clinic conducted an extensive search for the missing flash drives but they were nowhere to be found. Nobody knows if the flash drives were disposed of by mistake, lost or stolen. UAB Medicine cannot confirm if the PHI stored in the devices had been viewed or accessed by unauthorized persons. The investigation into this breach of data is still ongoing.

Because of the incident, UAB Medicine reviewed its policies and procedures and implemented security measures to prevent similar breaches from happening. All patients impacted by the breach had been notified by mail. Although the risk of identity theft or fraud is low, UAB Medicine advised all patients to monitor their credit reports for signs of fraudulent activity. Also, the healthcare company offered patients free credit monitoring and reporting services for 12 months.