Sensitive patient data stolen from nursing building

September 19, 2007

By Emily Barton, Daily Staff Reporter

Since 8,585 tapes were stolen from the School of Nursing two weeks ago - the third data theft in the last year - University officials are stressing the importance of protecting against data theft.

The tapes were used as backups for the school's computer database. They contained patient information like social security numbers and patient names and addresses.

One of the most important steps to take in cases of theft is quickly reporting it to the University's Information Technology Security Services office, said Paul Howell, the University's chief information technology security officer.

He said the University's Information Technology Security Services office has numerous processes to prevent data theft, including technology products and training to help implement the best practices.

According to a policy outlining how the University deals with data theft, any faculty or staff member who notices a breach of technology security should immediately report it to an information security coordinator. All serious incidents involving unauthorized data access or data theft should then be reported to the ITSS.

When a theft like the one at the nursing school occurs, ITSS usually assembles a security response team. Those teams are made up of different officials depending on the incident, Howell said. That means they might include representatives from the Department of Public Safety or the University's media relations office.

Howell said even with an extensive security system in place, data theft can still occur.

He said the nursing school theft, which took place in the North Ingalls Building over the weekend of Sept. 7, was the first of its kind at the University. In the past, databases have been hacked. The most recent of these incidents was in July when two School of Education databases containing student information were accessed.

The tapes were "in a locked box, in a locked cabinet, in a locked room," University Hospital spokeswoman Kallie Michels said.

DPS spokeswoman said there were no signs of forced entry in the room.

Michels said a system administrator noticed the box was missing on a Monday morning, and called the Department of Public Safety after realizing that it could have been stolen. Nursing School Dean Ada Hinshaw notified ITSS.

The School of Nursing office sent out letters to the patients with stolen information, detailing how to report a possible identity theft.

Police have no suspects in the case, Brown said.

main page ATTRITION feedback