Skip to main content

UNC Health Warns 24,000 Patients of Potential Data Breach

News  |  By John Commins  
   December 08, 2017

The personal records of as many as 24,000 UNC Health patients could be compromised after the theft of a laptop computer at an outpatient dermatology clinic.

UNC Health Care officials are notifying thousands of patients that their personal information could have been compromised with the theft of a laptop computer from an outpatient clinic.

The laptop was taken in an October theft at the UNC Dermatology & Skin Cancer Center in Burlington, NC. UNC Health officials said the laptop contained information about patients seen at the clinic through September 15.

The personal information of about 24,000 people was part of a password-protected database that included patient names, addresses and phone numbers as well as employment status, employer names, patient birthdates and patient social security numbers.

It is not believed that any treatment, diagnosis or prescription records were kept on the computer other than diagnosis codes used for billing purposes, UNC said in a media release. 

UNC Health Care acquired Burlington Dermatology in 2015. As part of this transaction, a computer containing patient information at Burlington Dermatology remained onsite at the practice. This was the computer which was stolen, the health system said.

David Behinfar, chief privacy officer at UNC Health Care, said the health system is taking action to better secure patient privacy.

"We have ensured that all remaining computers acquired from, or kept for use by Burlington Dermatology have been properly secured," he said. "UNC Health Care has also implemented process improvements to ensure that future acquisitions of physician practices include a process to properly secure legacy computers and electronic patient information."

The warning to patients includes free credit monitoring protection for one year.

"We want patients to know that UNC Health Care and the UNC Dermatology Center take their obligation to protect patient privacy very seriously," Behinfar said. "We are truly sorry that this incident occurred and sincerely apologize for any concerns it may cause."

In March, UNC Health notified reported a potential breach when the personal information of about 1,300 prenatal patients at two obstetrics clinics were accidentally transmitted to local county health departments.

John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.

Get the latest on healthcare leadership in your inbox.