UPMC mailing exposes patients to identity theft risk


Patricia Sabatini


Another mishap at the University of Pittsburgh Medical Center involving Social Security numbers has exposed thousands of patients to the threat of identity theft.

The incident involves donor solicitation letters the medical center mailed to about 6,000 former patients on May 7. The mailing included donor response cards, most of which "inadvertently" contained a tracking code that included the recipient's Social Security number visible through the envelope window, spokesman Frank Raczkiewicz said.

UPMC said it believed the risk of identity theft was "very low" and knew of no theft or misuse of personal information tied to the mailing.

The region's largest health-care network uses tracking codes to make sure its mailing lists are current, Mr. Raczkiewicz said.

The medical center sent letters to the affected patients last week apologizing for the "oversight" and offering to pay for a credit monitoring service for one year. The letters also explained how recipients could place a fraud alert on their credit files.

"We believe anyone who would have seen the [tracking] number as the letter went through the mailing process would not have known what it was," UPMC said in its letter of apology. "We are taking this matter very seriously. However, we believe the threat to your identity is very low."

The incident is not related to last month's disclosure that names, Social Security numbers and other personal information on nearly 80 UPMC Health System patients were posted on the medical center's radiology department Web site, possibly for as long as two years, Mr. Raczkiewicz said.

In that case, first reported by the Post-Gazette, UPMC also sent letters of apology to the affected patients and offered to reimburse them for credit monitoring costs for one year.

The health system said there was no evidence that any information posted on the Web site was misused.

main page ATTRITION feedback