Stolen computer puts details of 24,000 patients at risk

The University of North Carolina Health Care System (UNC Health Care) has alerted patients to a potential data breach following the theft of a computer from one of its departments.

On Friday, the non-profit healthcare group flagged a “privacy incident” involving a stolen computer from the UNC Dermatology and Skin Cancer Center in Burlington.

“The stolen computer contained information about affected individuals that was obtained while the affected individuals were patients of the Burlington Dermatology Center, formerly located at this same address,” said UNC Health Care’s chief privacy officer, David Behinfar.

The group acquired the assets of Burlington Dermatology Center back in September 2015, and a computer containing patient information, which remained on-site at the practice following the acquisition, was stolen on October 8 this year.

“We have reason to believe that this computer contained information about affected individuals while they were patients of Burlington Dermatology (through September 2015) in a password-protected database that included their name, address, phone number, employment status, the name of their employer at the time they were seen as a patient, their date of birth, and their social security number,” Behinfar said.

“We do not believe any treatment, diagnosis or prescription records were on the computer, other than diagnosis codes used for billing purposes.”

Local reports said the breach could impact around 24,000 individuals.

In the wake of the computer theft, UNC Health Care said it has “properly secured” all Burlington Dermatology computers left on-site. A police report has been filed, and Behinfar said the group is offering free credit and identity theft protection to potentially affected individuals.

“UNC Health Care is committed to providing superior healthcare services and takes very seriously its obligation to protect the privacy of patient medical information,” he stated.

News of the potential patient data leak in North Carolina follows widespread reports last week that Mecklenburg County had fallen victim to a ransomware attack that took numerous government systems offline.

Mecklenburg is North Carolina’s most populous county, with more than one million residents. And while government workers were reported to be resorting to pen and paper to carry out their duties, officials said they were refusing to pay the $23,000 ransom that was being demanded by the hackers.