Bank of America loses laptop and UPMC leaks medical data

In Charlotte, N.C. a Bank of America Corp. laptop computer containing the personal information of current and former employees was stolen affecting a “limited” number of people, while the University of Pittsburgh Medical Center was still trying to figure out how private information for about 80 patients, including names and Social Security numbers and even radiology images of their bodies, wound up on the Internet.

A "limited" number of people were affected, according to a letter sent this week and obtained by The Charlotte Observer, which reported the theft on its Web site Thursday night. Those affected include employees at various levels, spokesman Scott Silvestri said.

Silvestri told The Associated Press that he could not provide any other details on the number of people affected. Bank of America has more than 203,000 employees worldwide, with about 15,000 in the Charlotte area, where the company is based.

The personal information on the laptop included names, addresses, birth dates and Social Security numbers. The letter said there was no evidence that the information has been misused.

Silvestri said the computer had "information protection features." He said he couldn't provide details about the theft, such as where the laptop was stolen, because of an active investigation.

Employees whose information was on the stolen computer can get free credit monitoring for two years, the letter said.

The University of Pittsburgh Medical Center was trying to figure out how private information for about 80 patients, including names and Social Security numbers and even radiology images of their bodies, wound up on the Internet.

The information was first put on the Web inadvertently in 2005 then taken down. The information from a medical symposium held in 2002 was posted on an area of the Web site where the health system's faculty members are encouraged to share their work and other data, UPMC said in a statement Thursday.

Once the health network discovered patient names and other information were included, it was removed, but somehow it was posted again and remained on the Web site until UPMC was notified again on Tuesday, said Robert Cindrich, a former federal judge who now serves as UPMC's chief attorney.

UPMC was notifying the patients affected and offering to pay for credit protection services, just in case the information might have been used by identity thieves. No financial information about patients was posted, nor were patient addresses or other contact information.

"At this point we are not aware of any evidence to indicate that any of the information on the Web site has been misused," said John Houston, UPMC's vice president of information security and privacy.

Sources: http://www.montereyherald.com, http://www.pittsburghlive.com

l.12-.057c.834-.407 1.663-.812 2.53-1.211a42.414 42.414 0 0 1 3.345-1.374c2.478-.867 5.078-1.427 7.788-1.427 2.715 0 5.318.56 7.786 1.427z" transform="translate(-128 -243)"/>