La Nueva Casa de Amigos Eye Clinic, an affiliated clinic of the University of Houston College of Optometry, has notified about 7,000 individuals of a potential data exposure involving a computer containing clinic patient records. The university is not aware of any wrongful use of the information, and there is no evidence that the patient records were in fact viewed or copied.
The patient records, which date from January 2006 to Feb. 23, 2012, include health information, contact information and other personal information, but do not include social security, credit card or driver’s license numbers. The breach was limited to a single computer. No other clinic or university systems were affected.
Clinic personnel detected the computer security incident at about 9 a.m., Feb. 23, the morning after the incident occurred. After discovering the incident, immediate steps were taken to further protect the data at the downtown clinic, lessen the potential for harm to affected individuals and protect against future breaches. Law enforcement officials were notified of the incident and participated in the investigation.
Investigation into the incident concluded that despite measures, protections and procedures in place to safeguard this information, the computer was accessed by an unauthorized individual originating from outside the United States and files were deleted from the clinic’s patient records database.
The University has restored the patient records that were deleted, and Information Technology personnel implemented immediate network and system configuration changes to further protect the database information.
The University has mailed letters to all individuals whose information was potentially exposed. It is using alternate methods to notify those individuals whose contact information was out-of-date or incomplete.
A website (http://www.opt.uh.edu/) contains the latest information related to the incident, as well as recommended precautions to protect against possible identity theft. La Nueva Casa de Amigos Eye Clinic has established a toll-free number, (855) 834-1606, to answer questions from affected individuals.
The University of Houston and the College of Optometry take privacy issues regarding health information and other personal data very seriously and are engaged in a careful review of the clinic’s information technology protocols and other procedures to ensure that the most effective industry security practices are consistently followed.