Newspaper Probes Vegas Hospital Data Breach

We’ve heard of criminals trading in stolen credit card information that can yield financial gain or Social Security numbers that could potentially be used to set up fraudulent credit accounts, obtain employment and more. But the leak of sensitive hospital data being reported on this week by the Las Vegas Sun could, possibly, result from a motivation of a different sort. As the paper explains per the suggestion of an unnamed source, patient “fact sheets” belonging to the city’s University Medical Center Hospital were “being sold for months, or even years, to ambulance-chasing attorneys so they could mine for clients.”  

The source spoke to the newspaper out of concern about the breach of consumer privacy, it was explained, and the individual provided the Sun with 21 files each pertaining to people involved in traffic accidents, dated Oct. 31 and Nov. 1.  It’s worth noting, as the hospital’s CEO Kathy Silver has since stated, that the source’s theory is just that—a theory. But the facts of the data loss remain an issue with which the hospital must contend. Besides providing overviews for each case, the files also apparently included info that could potentially be used to commit identity-related fraud: names, birth dates and Social Security numbers.

A victim quoted by the newspaper has voiced concern over why the hospital neglected to notify those who might be affected—UMC became aware of the incident Nov. 19 but still hasn’t formally notified patients, according to the Sun. Though this delay was within the hospital’s legal rights—it has 60 days to make its notification, according to the Sun—a representative of the advocacy group Patient Private Rights tells the paper that postponing the disclosure further damages trust already harmed by the breach incident.

Thanks to the newspaper’s coverage, the state’s Legislative Committee on Health Care called a hearing that saw Silver coming out to answer questions about the breach, which being investigated by the FBI. The CEO told the committee the hospital “is committed to uncovering the leak, and when the employee or employees are identified, ‘termination will be the least of their problems. It’s a serious situation,’” according to the Sun. Patients whose information was exposed have been offered free credit monitoring, according to the The Las Vegas Review-Journal.  

A federal investigation will hopefully dredge up answers to the questions of who is responsible, why they did it, and how many patient files were potentially compromised. In the meantime, those affected should certainly keep an eye on their credit and report any suspicious activities to investigators as well as their financial institutions.