UAB Medicine Data Breach Potentially Exposed 652 Patients’ PHI

Medical Data Breach

The UAB Medicine Viral Hepatitis Clinic in Birmingham, AL reported a breach of 652 patients’ protected health information due to two missing data flash drives. UAB Medicine stores data from its Fibroscan machine in flash drives before transferring the data to a computer. Two flash drives containing limited PHI of 652 patients went missing on October 25, 2017.

The information contained in the portable storage devices included the patients’ first and last names, birth dates, gender, test result images and numbers, medical diagnosis, examination dates and times and names of referring physician. The devices did not contain Social Security numbers, insurance details, addresses, phone numbers or any financial information.

Viral Hepatitis Clinic conducted an extensive search for the missing flash drives but they were nowhere to be found. Nobody knows if the flash drives were disposed of by mistake, lost or stolen. UAB Medicine cannot confirm if the PHI stored in the devices had been viewed or accessed by unauthorized persons. The investigation into this breach of data is still ongoing.

Because of the incident, UAB Medicine reviewed its policies and procedures and implemented security measures to prevent similar breaches from happening. All patients impacted by the breach had been notified by mail. Although the risk of identity theft or fraud is low, UAB Medicine advised all patients to monitor their credit reports for signs of fraudulent activity. Also, the healthcare company offered patients free credit monitoring and reporting services for 12 months.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: