Officials doubt information on U. Hospital tapes was compromised

Return To Article
Add a comment
  • gloria
    July 2, 2008 9:57 p.m.

    To the person that says that the u and primaries has no relation, let me tell you something. My son has been to primaries numerous times,and the neurosurgery and neurologists come over from the U. Let me tell you how big of a mess that was of combining those two. My sons records were stolen and he is now too old to go to primary childrens now and his records were from the merger of the U and primaries. My son is multiply disabled and we have been warned not to carry his ss card with us and to keep it in a secure place because the theft of the disabled are a top priority to theft of identities.So you bet I have a great concern where I have been so careful for all of these years. I'm sorry the U gets what it deserves for not being a little more careful of peoples information.

  • Anonymous
    July 2, 2008 9:45 p.m.

    I have never been to the U hospital...only PCMC when i was younger and I got a letter that my SSN was stolen, so it must have been involved somehow.

  • overlooked
    July 2, 2008 8:21 p.m.

    What is being overlooked here is that those who provided care to patients are also at risk for identify theft. The information stolen includes the names and social security numbers of those who billed the university for payment for caring for these patients. There are many potential victims here. The University of Utah has some -- and I emphasize "some" world class providers -- but its Achilles Heel is a bunch of local, yocal good ol' boys and good ol' girls who are responsible for contracting with the likes of the people who here have jeopardized the wellbeing of patients and providers alike. When the U finally rids itself of its socially inbred infrastructure, it will be safe from an event like this.

  • Willie in Kansas
    July 2, 2008 6:10 p.m.

    Every time I fill out a form at my doctor's office - and I have done many in the last couple of years, due to cancer - I am asked for my social security number. I have never given it, and have never had any problem. My doctor's office needs my insurance number, but doesn't need my social security number. I think most of us are still stuck in the mode of feeling obliged to answer every question asked. Next time someone asks for your social security number, ask if they really need it. And, please, never provide your number over the phone. Having said that, I love the University of Utah Hospital. They saved my daughter's life. I know doctors and nurses are very busy, so whenever a family member is in the hospital, I try to be there to help them. And if you really don't like them, go somewhere else. There is more than one hospital in this state. Oh, and I strongly dislike this "sue-everybody-because-we-might-make-some-money" attitude. I'm sorry, but because of that, lawyers are synomymous to crooks in my book.

  • I wondered the same thing...
    July 2, 2008 4:56 p.m.

    How would access to my 3-year old son's credit report (which has nothing on it) put me at risk for losing my house. Wouldn't it put my 3-year old at risk for losing his house (if he had one)?

  • To Katie
    July 2, 2008 4:37 p.m.

    You write verey well and I understand your concerns after the experience you have had. But, I can't fault the hospital for this. It was the security company personell that did not use care and follow procedures, not to say the hospital does not have its own need to improve, but not in this instance.

  • To Katie
    July 2, 2008 3:25 p.m.

    Please clarify something for me, You bought your houseusing your three year old's credit? How does one accomplish this? Otherwise I can't see you loosing your houes of someone accesses your son's credit (not that that is going to happen at this point)

  • hmmm is everyone asking for 8 mi
    July 2, 2008 3:21 p.m.

    Boy I did not know that " everyone " involved in the two lawsuits is asking for 8 million hmmmm I thought one was just asking for more coverage past the 1 year mark???? Guess I need to go back a read again

  • U's Fault
    July 2, 2008 3:19 p.m.

    I don't care who the U. hires to perform this task. The fact is they ARE responsible for ensuring my privacy. They have not done a good job of protecting me and my family. How many safety lapses does it take to wake someone up over there???? Perhaps, a sizable lawsuit will get someone's attention that this needs to be taken seriously. And to all U. employees posting here, quit playing on the computer and do YOUR job!!!1

  • smart
    July 2, 2008 2:49 p.m.

    "do your homework" sorry suing for something that "might" happen is senseless. You haven't done your homework, attorneys make out like bandits in class action suits. Im sure the U of U will change their policies. To sue them will only drive up already high health costs. Do your homework on that. Maybe we should let every sue for things that "might happen? Common sense is not prevailing here. And to ask for 8 million, thats total greed, period!!!

  • Robert
    July 2, 2008 2:30 p.m.

    The storage company should: (1) send couriers in pairs to pick up and drop off this type of data, and (2) give the couriers deadlines to drop the data off once they have it.

  • do your homework
    July 2, 2008 2:02 p.m.

    People need to do their homework and understand what all is involved here and stop the "scum attorney " comments or the rush to judge those involved as reps for the rest of us in class action lawsuit...I know of one family where all 6 of their medical records/ SSN # were taken.

    Nobody is going to get rich off a class action lawsuit, but laws and policies will change to help this type of thing from happening again, at least these people have the courage KNOWING full well no money will ever be given to them... all they are doing is stepping forward and saying lets make some much needed changes to protect people who only came to the U because of health reasons...some of which are dealing with cancer, lifelong illness etc. Life is already hard enough and who would of ever thought they would also have to deal with this as well and now harsh words via a few uneducated people. So SAD!

    I know for a fact one person can help change laws and policies for the better...and I know that a group of people doing the right thing can bless the lives of many.

  • Frank
    July 2, 2008 1:49 p.m.

    We consumers are caught between a rock and a hard place. Credit Report Companies exploiting identity theft by scaring people, most of whom end up paying a monthly fee to monitor their credit, and lenient laws that make it easy for thieves to get away with this type of crime. We need better and more stringent laws to punish identity-theft criminals.

  • U Patient
    July 2, 2008 1:40 p.m.

    I am glad that they found the records this has gone on long enough, the people should be glad that they are recovered, and back into the hands of the Hospital now, We can't blame everything on the "U" So everyone should just give it up and be glad that they are found.

  • Stop collecting SSNs
    July 2, 2008 1:31 p.m.

    This wouldn't have been as big a problem if the U hadn't insisted on collecting my social security number. Why on earth do they need that information?

  • Stolen Identity #2
    July 2, 2008 1:07 p.m.

    I have to agree. I have not worried one second since I received the letter that my records were included in the stolen material. The U has done what they can do and now I have free credit monitoring. The chances that some drugged up teenager who smashes car windows for a hobby is going to be able to get access to all of those records and then take the time to use all of that information without getting caught have got to be pretty low. And please remember, it is THE ATTORNEY who makes all the money in class action suits!!!! The plaintiff would get free tickets to a Utah Basketball Game and a free Flu Shot (if they are lucky).

  • Stolen Identity
    July 2, 2008 12:23 p.m.

    For those of you who have had your identity stolen, like we have had, it is a long process, it took us 3 years after our house was broke in to to prove who we are, and we monitored everything. We had our records stolen from the U also, as well as our 18 year old sons. I followed the letter and instructions we received from the U about the free credit report and just received the information from the Credit Bureau's, talk about interesting reading, I'm glad we did that! So take advantage of that and move on, I'm confident that the records were secure and I'm glad that the U offered to pay for the free credit alerts, that costs $35.95 for that credit check plus nearly $100.00 for the alerts, now we'll see anything through the e-mail alerts.

    Everyone take a deep breath and be glad that we have health care available. I've been to Costa Rica where it isn't and it's very sad.

  • either way...
    July 2, 2008 11:33 a.m.

    even if they were encrypted, aren't all the movies and music cd's being copied encrypted also. My childrens records were taken, and I am very concerned, but to file a suit for something that might happen is like throwing someone in prison because they might kill someone else.

  • Encrypted?
    July 2, 2008 10:54 a.m.

    To 'Anonymous':

    Might I ask how you can be sure the records were encrypted? I haven't seen anything in the media reports that stated such. I work in the encryption industry, AND my records were among those lost, so I'm honestly interested, if you have some information that wasn't reported.

  • from Katie....
    July 2, 2008 10:42 a.m.

    please let me clarify...I have no hostile feelings for primarys. I love that hospital, it's staff, the billing office, the ER - the lunch ladies - you name it, I love Primarys! We had a miserable experience at the U clinic, and after the sad things that happened to my son there, I will never go back. I am not bitter, just concerned. Please don't read into my letter any hate or malice. I won't be checking the blog again, as it was too upsetting to hear everyone lash out at me. My son was really mistreated there, and since then has had a very difficult time with medical personel. I have no interest in a class action law suit. Thank you for your concern. God Bless.

  • PCMC is NOT part of the U
    July 2, 2008 10:41 a.m.

    To person talking about Primary Childrens: The University hospital is owned by the State of Utah, Primary Childrens is owen by Intermountain Healthcare (IHC) Primary records are separate from the U's some U doctors have rights to practice at PCMC but they are separate. if your child received a notice of records it was most likely becuase of Medicaid becuase medicaid is ran out of the University!

  • Affected Spouse of U Employee
    July 2, 2008 10:35 a.m.

    To John: the tapes are encrypted. You would need a really hightech computer program to decode this. One only found at the U I'm sure.

    I am in no way blaming the U Hospital for this mistake. I am also glad that the tapes were found so that my hubby quits getting distressing calls. And Yes both of our information were on those tapes along with our children's.

    And to those wondering why such a low reward payment: if the U offered more $ don't you think more of these kinds of thefts would happen, just for the reward $? Or even to announce to these criminals that what they took was Really valuable and they would be less likely to return them unharmed/unused and they would try their hardest to find out what exactly they took? Just a thought or two.

  • Don't Blame U for everything
    July 2, 2008 10:27 a.m.

    Here in the US it seems we always need to find someone to blame. But I say this isn't necessarily so. For example, in this case the U. has a contract with a courier service to collect backups. Why the courier? Because the U. doesn't have the resources or skillset for this. You wouldn't want a tech geek throwing the tapes in the back of his car would you? So you get a contract with a company whose business it is to provide this service. From what I've heard they do a good job. But one employee got lazy and didn't do his job and two companies get the blame. People say that they should have made sure. Well, I'm sure they thought they had procedures in place. I'm sure that they're now being modified. But blame? Two things I can think of: encrypt the backups and have two people pick up & deliver the tapes (at additional expense to you and I in the end, naturally).

  • To Katie
    July 2, 2008 9:58 a.m.

    You sound like a very bitter person, and I'm so sorry for whatever happened to your little boy that you have such hostile feelings for PCMC and it's doctors, murses, and staff. My 3 week old grandson just spent a week there with a horrible infection and I've never seen such detailed care as he received. I have also been a patient at the U and would be one of those affected, but I'm not too worried about it, especially now that the information has been recovered.

    Take your bitterness and join the class action law suit like the other two losers. Grounds -- "something might happen and I want my money before it does, and of course nothing may ever happen, but who cares, I can get back at the medical profession for whatever they did to my son".

    Good luck in your search for a new medical team to take care of your son, and it may surprise you, but doctors, nurses, and even clerical staff do get paid for their knowledge. So I guess you could call it their "business" and yes their business is caring for us who don't know how to care for ourselves.

  • Frank
    July 2, 2008 9:51 a.m.

    Do we really understand the nature of this problem? Do you know what happens to a person when his/her identity is stolen? If you don't, I would encourage you to research the issue of identity theft.

    This is a very serious problem for those whose records were recorded on the tapes.

  • To Katie
    July 2, 2008 9:02 a.m.

    You can not blame the doctors and nurses for this. In no way does it show their lack of concern. They are not the ones that violated policy and left the records in their car. My records were in there along with my SSN. I am not blaming the hospital for this happening. Take advantage of the hospitals offer of free credit monitoring for a year...that will save you some time. If anyone is to blame for this happening it is the courier and not the hospital or its staff.

  • Off-site storage
    July 2, 2008 8:53 a.m.

    It's a prudent disaster recovery choice to store backup tapes off-site, and larger companies often rely on courier services to handle the rotation, transportation, and storage of the tapes. The U should have had sufficient checks in place to make sure the courier service was adequately performing its job and the courier service should have been true to the contract it signed with the U. In my opinion, as an IT director who is constantly concerned with data integrity and security, both institutions are at fault in this case. The U should have known if there was a chance for something like this to happen and the courier service should have had immediate alarms in place to catch the fact that the tapes were not collected at the storage location on time. Companies need, desperately, to care for the critical customer data they're entrusted with!

  • Katie
    July 2, 2008 8:36 a.m.

    My son was a patient and his records were taken. Now I have to spend time that I don't have monitoring a three year old's credit so that we don't end up losing our home. Though I do not agree with class action suits that only benefit the attorneys involved, someone should have to pay for this. My daughter has been in and out of Primary Childrens her whole life, and to date this has never happened with her. Our experience in and out of this clinic was less than satisfactory, and I believe that the loss of records is a result of their lack of concern and attention to detail. This is not an isolated problem there....someone needs to do some house cleaning and teach the team of nurses, doctors and clerical staff at the clinic that medicine is not business first and care later. They have violated the most severe trust with us... in many, many ways, and this is just the icing on the cake. A much needed wake up call, unfortunately at our expense -- again.

  • Anonymous
    July 2, 2008 8:03 a.m.

    It was encrypted.

  • Dave
    July 2, 2008 7:50 a.m.

    @Bob M.

    I'm just speculating, but hey, no one does that here, do they? :)

    The reason they weren't electronically transmitted was because the point of this transfer was an attempt to save/preserve the original physical media. That's what a company like Perpetual Storage is "supposed" to do - keep original records safe.

    And as for why not in an armored car? Likely this was not the first time the U Hospital has used Perpetual Storage for records transfer and storage. Also it's likely that IF the Perpetual Storage employees follow the procedures that they're supposed to, this wouldn't happen. Your question implies that the U knew this employee would be taking the records home with him and leaving them out in his car on the street. I doubt anyone anticipated that.

    In essence, it boils down to hindsight. Even if they sent it in an armored car, what if, for example, the driver of the car steals the cargo? Your can analyze things to death after they happen.

    I just don't see blaming/suing the U for this. They took prudent steps in good faith. And yes, i'm one of those affected.

    Perpetual Storage, on the other hand...

  • John
    July 2, 2008 7:28 a.m.

    This should be a wake up call to the IT industry. Isn't it time to encrypt your off-site backup information on tape? Sure it's a little work but the payoff is immediate by securing your data.

  • U patient
    July 2, 2008 7:28 a.m.

    I suspect changes like this will occur for the future anyway. We often need something bad to happen to force our hand for such precautions. Human nature at work. This debacle is just one more event to push health care costs up. Sad!

  • Kevin
    July 2, 2008 7:18 a.m.

    I mean... Not a hard-copy backup... I meant they're stored on a disk or tape because electronic transfer is highly susceptible to interception. Clearly.

  • Kevin
    July 2, 2008 7:18 a.m.

    Bob M.: I think they're a hard-copy backup. Not sure what kind of vehicle they're sent, but the storage place is supposed to be kind of Fort Knox, buried deep in granite.

  • Maggie
    July 2, 2008 6:55 a.m.

    May I suggest two possible answers?
    These were back-up tapes, used to restore information that might be lost in electronic transmissions. Therefore, electronic transmission defeats the reason for the tapes in the first place
    Next, I believe that the courier was in error for using his own car and not a company vehicle to pick up the tapes. That has been part of the concern from the beginning, and is the reason for one of the class-action suits.

  • Attorney scum
    July 2, 2008 6:38 a.m.

    Low Life Attorneys trying to take advantage once again, "one Call...

  • Bob M.
    July 2, 2008 6:32 a.m.

    I don't wish to add to an event that is just a big waste of everyone's time. Probably two questions come to mind: Why weren't the records transmitted electronically or, why weren't they carried from hospital to records storage inside a Wells Fargo (Loomis Fargo) armored car?