Patient information compromised
The UH College of Optometry posted a notice on their website Friday saying there had been a digital security breach at one of their affiliated neighborhood clinics off-campus.
On February 22, an unknown attacker broke into La Nueva Casa de Amigos Eye Clinic’s database, which contained 7000 patient records from as far back as January 2006, from somewhere outside the U.S. and deleted the records.
“We have no proof that that information was copied,” said Chief Information Security Officer for UH and the UH System Mary Dickerson.
The information contained within the records included names, personal and contact information, medical information and insurance information. Although Social Security and driver’s license numbers and were not among the personal information that may have been stolen, affected patients are still encouraged to take steps to protect themselves from identity theft, said the announcement on the College of Optometry’s website.
“Please know that if anyone from La Nueva Casa de Amigos Eye Clinic contacts you by telephone about this incident, you will not be asked to provide or confirm your social security number, credit card information or driver’s license number,” the announcement said.
The reason there was nearly a month’s delay between the incident and the notification, Dickerson said, was that an investigation was undertaken first to ensure the accuracy of the information sent. Also, the notification process itself “took some time to address” due to how extensive it was, she said.
In response to the break-in, UH has sent letters to notify those whose information was compromised and is working with the clinic to instal additional network protections.
“There were many protections in place,” Dickerson said. “Unfortunately, there are many different ways that information can be compromised.”
While there were measures taken to protect the data beforehand, on-site UH databases tend have a much hardier security system.
“Because this was a remote clinic, some of those protections were not in place,” Dickerson said.
UH is working with law enforcement, including the FBI, to investigate the breach, Dickerson said.