University laptop theft leaves patients exposed to ID theft

June 11, 2004

By David Becker

http://software.silicon.com/security/0,39024655,39121240,00.htm



The University of California (UCLA) is warning 145,000 blood donors they could be at risk from identity theft due to a stolen university laptop.

UCLA's Blood and Platelet Centre included the advisory in a letter sent last week to all who donated blood through the organisation.

Thieves broke into a locked van last November and grabbed a laptop with a database that includes names, birth dates and Social Security numbers for all blood donors, according to a university statement.

The database did not include medical information other than blood type, according to the statement, and university officials did not recognise the significance of the loss and the potential for identity theft until the matter came up in a security audit last month.

Dr Priscilla I Figueroa, director of the university's division of transfusion medicine, said in the statement: "We deeply regret any inconvenience this incident may cause our blood donors. We hope and trust that they will continue participating in our blood drives and making these lifesaving donations."

The database was password-protected but not encrypted and the statement said the university is reviewing data security policies in light of the incident.

Los Angeles police are investigating the theft and there is no evidence yet that information in the database has been retrieved or misused.

University representatives said in a follow-up statement that a second laptop was stolen two weeks ago from the financial office of the University's health care division, putting personal information for an additional 62,000 patients at risk.

Widespread use of laptops has presented an increasing risk for security theft, with lost or stolen devices potentially exposing data ranging from FBI secrets to tax records in recent years.


main page ATTRITION feedback