2-Year Data Breach Discovered by University of Iowa Health Care

The names, admission dates and medical record numbers of 5,292 patients of University of Iowa Health Care were accessible over the Internet for around 2 years because of a configuration error on an application development website.

University of Iowa Health Care reports the data were exposed in May 2015 and remained accessible over the Internet until May 1, 2017, when the website was secured. University of Iowa Health Care was notified of the matter on April 29 by a third party.

That individual was an expert security researcher, which indicates the discovery itself did not result in any further disclosure of the information. However, it is unclear whether any other individuals gained access to the data during the time the information was unprotected. University of Iowa Health Care reports that its investigation of the breach did not uncover evidence to suggest the information had been accessed. UIHC spokesperson Tom Moore said, “To our knowledge, the files had limited views.”

The exposed data was limited and did not include any financial information, insurance details, clinical data, or Social Security numbers. Individuals affected by the incident have now been notified and advised to exercise caution nonetheless and monitor Explanation of Benefits statements for any sign of data misuse. Notification letters were dispatched on June 22, 2017.

The breach prompted UIHC to conduct a comprehensive risk analysis to identify vulnerabilities that could threaten the confidentiality of protected health information. Issues uncovered by the risk analysis have now been addressed and information security has been improved. UIHC is also increasing oversight of the development and management of custom databases and will be tightening its processes to prevent future incidents of this nature from occurring.

UIHC will also be retraining employees on data privacy and providing further education to individuals on the use of authorized tools to move data sets.

About Ryan Coyne
Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan’s professional focus is using his in-depth expertise in regulatory compliance, and leading a world-class team of subject matter experts at ComplianceJunction, to help organizations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn https://www.linkedin.com/in/ryancoyne/ and follow on Twitter https://twitter.com/ryancoyne