652 Patients have PHI Exposed in UAB Medicine Breach

by | Dec 7, 2017

A breach of patients’ protected health information (PHI) at the UAB Medicine Viral Hepatitis Clinic in Birmingham, AL has been discovered.

UAB Medicine uses flash drives to send data from its Fibroscan machine to another computer. On October 25, 2017, two flash drives were found to be missing from their normal locations. The portable storage devices held a limited amount of PHI of 652 patients.

Information held on the devices included first and last names, gender, birth dates, images and numbers relating to test details, medical prognosis, names of referring physician, and the dates and times of the examinations held.

UAB Medicine has revealed that no Social Security details, financial data, insurance details, addresses, or phone numbers were held on the flash drives.

A rigorous search of Viral Hepatitis Clinic was carried out, but the flash drives could not be found. The review into the breach is ongoing. It is not yet known whether the flash drives were mistakenly disposed of, lost within the facility, or if they were taken illegally. UAB Medicine therefore cannot confirm whether the PHI on the devices has been viewed by unauthorized people.

The breach of PHI has lead to UAB Medicine to review its security measures and putting in place safeguards to prevent similar incidents from occurring in the future. All patients affected by the incident were advised of the breach by mail recently.

Due to the limited nature of data that was accessible, patients are not thought to face a high risk of identity theft and fraud. As a safety measure, patients have been told to monitor their credit reports for any evidence of fraudulent activity.

Since the potential for unauthorized access of PHI cannot be eliminated, UAB Medicine is also providing patients impacted by the incident one year of credit monitoring and reporting services for freee.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy