The security woes continue for the University of California San Francisco. On Wednesday, UCSF said it issued alerts to 3,569 patients that a computer holding their personal information was breached. There was no evidence that the patient information was accessed, the university said.
The breach was discovered Jan. 11 during routine monitoring of the campus computer network and the investigation, concluded this month, showed that an unknown person used high-level system access to install an unauthorized movie-sharing program around Dec. 2. The computer contained files with lists of patients from the UCSF pathology department’s database and included names, health information and some Social Security numbers.
The intrusion comes after UCSF announced on May 2 that patient information it had given a vendor to help with fundraising was accessible via the Internet. The exposed data included patient names, addresses, and some names of patients’ physicians. UCSF learned of the breach Oct. 9 and terminated its contract with the vendor, Target America, soon after. Patients were notified April 3, after completion of a forensic analysis, UCSF said.
Last year, the university warned about 46,000 people after it discovered an authorized party may have accessed the personal information of UCSF faculty, staff and students by exploiting a hole in a server.
The university said on Wednesday that the latest breach and others nationwide have caused it to redouble its security efforts around protected health information. UCSF Chancellor J. Michael Bishop formed a task force that is charged with conducting a review of actions taken to protect sensitive data, and determining what other steps are needed.