• OAAIS Home
• Service Catalog
• News
  • Connexxus System Maintenance: Friday, August 28, 2009
  • Equipment Upgrade Window on Friday, August 14, 2009
  • Equipment Upgrade Window on Friday, September 11, 2009
  • iPhone 3.1 Software Update and UCSF Exchange, September 9, 2009
  • Known Issue with ActiveSync Requests Submitted via help.ucsf.edu, Wednesday, August 12, 2009
  • Password Management Tool Issue: Monday, August 24, 2009
  • Remedy Maintenance on Sunday, August 16, 2009
  • Reported Application Outages Due to Name Server Problems: Friday, August 7, 2009
  • RESOLVED: Main UCSF Website (www.ucsf.edu) Unavailable, Wednesday, September 2, 2009
  • Scheduled Monthly Network Maintenance on Sunday, September 20, 2009
• Projects

Frequently Asked Questions

1. What happened?

On March 30, 2007, a computer was stolen from a research office of the University of California, San Francisco (UCSF).

2. Exactly what kind of information was stored in the computer?

The computer contained files with names, addresses and telephone numbers, dates of birth or age, social security numbers of some people, and possibly health information. The information was for people with and without brain, lung, or breast cancer. Many of these people were enrolled in cancer research studies, some refused participation in such studies, and some were not yet asked to participate.

If your social security number was on this computer, there is the potential for identity theft, although there is no evidence that the information on the computer has been used. If your social security number was not on the computer, then the information probably was not sufficient for your identity theft.

[Please check the letter we sent you to see if your social security number was on the computer and if it was, refer to Answers to questions #12-15 on pages 3 and 4].

3. Why was this information kept on the computer?

Information on past and potential future study participants was kept to study the causes and cures of cancers, such as breast, lung, brain cancers and leukemia.

4. What kind of research is this?

Our research group at UCSF tries to discover the causes of cancers (lung, brain, breast cancers and leukemia) in children and adults. We also study the question why some patients with cancer live longer and healthier lives than others. The long range goal of our research is better prevention and treatments of cancer. To conduct these studies we interview people with the cancer and compare them to people without the cancer, to determine the differences. We also follow-up persons with cancer to determine what factors allow some individuals to respond better to cancer therapy than others.

5. What other information is collected during these studies?

We ask questions about family history of cancers and other diseases, personal medical histories, job history, age, ethnicity, income group, education, cigarette smoking, alcohol consumption, diet, women’s reproductive history, symptoms prior to disease onset, and other possibly relevant factors. We also collect blood and/or cheek cell specimens from willing people and study if there are differences between people who do and do not have the disease. For people who have the disease, we also may ask for permission to review medical records related to the disease and to obtain portions of their tumor from pathology departments.

6. Where else does the information for these studies come from?

The UCSF studies obtain information about potential study subjects from a variety of sources. We collect this information to identify people who might be eligible for these studies. Some of the sources include UCSF and other clinics, the California Cancer Registry (www.ccrcal.org) and its local Bay Area subsidiary, The Northern California Cancer Center (www.nccc.org). We also conduct studies jointly with Kaiser Division of Research. Once we identify people, we either write to them to ask if they are willing to participate or in some cases, their UCSF physician introduces the study to them. UCSF also obtains names of potential study subjects by randomly dialing telephone numbers, or contacting people from the community to ask people if they want to be in a study. Furthermore, we have used information from the Health Care Financing Administration (now called the Centers for Medicare and Medicaid Services, CMS) in order to identify persons age 65 and older whom we write to and ask if they are willing to participate in the studies.

7. Why would you have my information even if I didn’t participate?

We may have been in the process of trying to contact you or had trouble contacting you. You also may have refused to participate, but we kept your name and contact information to ensure that we did not contact you again. We also need to check whether people we enroll in our studies are similar to the population as a whole, since the goal is to understand fully what is causing cancer. For these reasons we keep certain information about the people who do not participate in our studies. In some cases, we may have kept this information after the study had ended.

8. Do you know if the information was actually accessed?

There is no evidence that data on this computer was accessed or is being used by any unauthorized individuals. We are very sorry that there remains a possibility that your information may be subject to unauthorized access.

9. Why wasn’t information destroyed when no longer needed?

We maintain contact information of previous study participants for the purpose of conducting follow- up studies. Registry data may be used months to years after receipt in order to compare characteristics of participants and non-participants.

10. How will UCSF protect my personal information in the future?

UCSF and our research group are extremely distressed by this security breach and are committed to changing our security practices to make such an incident impossible in the future. We have introduced higher levels of security. If computers are stolen in the future, they will not contain any accessible personal information for any study participants. There also will be quarterly audits of our data to make sure that any non-essential information is or has been removed. Non-essential information may include social security numbers.

11. Will UCSF contact me again to ask for private information after this incident?

You may be called by study personnel regarding your participation in a research study. If you are uncertain about the identity of someone calling on behalf of UCSF, do not reveal any personal information. If you are contacted by someone claiming to be from your financial institution, do not reveal any personal information. Instead, call your financial institution to make sure the call was legitimate.

The following FAQs are important for those persons informed that their social security number was on the stolen computer.

12. Why was my social security number on the computer, even though I did not provide it to you?

Sometimes social security numbers are included in records we receive from the Cancer Registry, the UCSF clinical database, Medicare ( HCFA), and other sources. These sources use social security numbers because they can be helpful to correctly identify people, especially for those with frequently encountered names or in the event someone changes his or her name. In some cases, we have kept the social security numbers on the computer after the study had ended.

13. What can I do to protect myself?

You may do two things, both of which are cost free. First, you can look at your credit report to ensure that no new accounts in your name have been established. Second, you can place a “fraud alert” on your credit report to ensure that no one will be able to easily establish credit in your name.

14. Is there a cost to placing a fraud alert or receiving a credit report?

No. There is no charge for placing a Fraud Alert, and a new federal law allows consumers to receive one free credit report per year from each of the three national credit bureaus: Equifax, Experian and TransUnion. You can only get the free credit report online at www.annualcreditreport.com, or by writing to the Annual Credit Report (instructions on the fraud alert page). For the fraud alert, you must contact one of the three credit bureaus’ websites or phone numbers (available on the fraud alert page).

15. Will my credit be affected by filing a “Fraud Alert”?

Putting a “Fraud Alert” on your credit report will not harm your credit. The presence of a fraud alert should not interfere with your daily use of a credit card or banking/checking accounts. A fraud alert may limit your ability to obtain instant credit for immediate, in-store purchases. If you prefer to purchase items on a new line of credit (that is, a new credit card) at a retail store and you want to buy those items immediately, your request for credit may be delayed because of the fraud alert placed on your credit.

16. What is the California Cancer Registry? Why do they have social security numbers?

The California Cancer Registry (CCR) is California’s statewide population-based cancer registry. The California Department of Health Services runs the CCR. It was created by state law and requires the registration of all cancer diagnoses in the state of California. The state law requires that doctors, hospitals and other facilities that diagnose and treat cancer patients report to the California Cancer Registry each new cancer diagnosis and some information about the patient. The law further requires that data collected by CCR be used solely for research into the causes of and cures for cancer. The social security number is a unique identifier that allows CCR to confirm the cancer information for an individual and is also used to determine long-term outcomes.

For more information, please refer to the CCR website at www.ccrcal.org.

17. If the theft occurred in late March, why am I being notified at such a late date?

It has taken us this long, using every possible effort, to reconstruct our stolen files and data, to put together a complete, non-duplicated list in order to contact you.

We can be reached via email at alert.info@ucsf.edu

We can be reached via mail at:Security Alert
University of California, San Francisco
Box 1215
San Francisco, CA 94143-1215

Home

Incident Overview

Descripción general del incidente

Frequently Asked Questions (FAQ)

Preguntas de Uso Frecuentes (PUF)

Credit Resources
Fraud Alert Guidelines
Security Freeze

Additional Resources

Press Release

Home | Site Map | Contact Us | Accessibility Help | Feedback
The University of California, San Francisco, CA 94143, 415/476-9000
© 2007 The Regents of the University of California. All rights reserved.

Please tell us what you think of our website

The University of California, San Francisco, CA 94143, 415/476-9000
Copyright © 2009, The Regents of the University of California.