Hospital security breach discussed

People whose confidential records at University Medical Center might have been leaked to outsiders have been offered the free use of a credit monitoring service so they can determine whether their personal information has been compromised, the hospital's CEO told a state legislative committee on Wednesday.

In testimony before the Legislative Committee on Health Care, Kathy Silver said the hospital is doing everything it can to keep the kind of security breaches discovered last month from happening again and to minimize any possible damage done to former patients and their families through leaks of Social Security numbers and other personal information.

If the individual responsible for the security breach is found to be a UMC employee, Silver said, "termination will be the least of his problems."

The FBI, currently conducting an investigation into the security breach, has told Silver they "are making progress," she testified. Those who break the federal privacy law known as HIPAA can be fined $250,000 and jailed for up to 10 years.

Silver told the committee that last month hospital officials were alerted to accident victims' personal information being leaked on Oct. 31 and Nov. 1, perhaps so it could be used by attorneys. This is a theory, she said, and has not been proved.

She said to help protect the 141 people whose personal information appears on registration forms for patients admitted to UMC Trauma on those two days, the free credit monitoring service has been offered.

At this point, hospital officials say they do not know what the cost of the service will be to taxpayers because it is unknown how many former patients and their family members will take advantage of the offer.

Silver told the committee members that the hospital now is requiring employees to use an access code when they use copy machines in patient areas. The PIN numbers help officials track and identify employees who make photo copies.

Though the hospital already has electronic door access controls, Silver said security experts are evaluating where additional physical access controls are needed.

State Sen. Valerie Wiener, D-Las Vegas, the committee chair, asked Silver if the security breaches could have occurred at times other than Oct. 31 and Nov. 1.

"We don't know," Silver said.

Contact reporter Paul Harasim at pharasim@review or 775-387-2908.