Could this breach be related to the one recently disclosed by Raleigh Orthopaedic Clinic? There are some obvious similarities, but neither entity names the third party vendor.
The May 13 press release from ECRMC:
EL CENTRO, Calif., May 13, 2013 (BUSINESS WIRE) — On March 22, 2013, El Centro Regional Medical Center (ECRMC) was notified that x-rays ECRMC had provided to a trusted vendor for digitization and destruction were missing from a storage warehouse and may not have been properly destroyed. ECRMC immediately began a thorough internal investigation to determine what happened to the x-rays, but has been unable to find the missing x-rays. ECRMC has also not been able to make contact with the vendor. The radiology films and records are for dates of service prior to February 2011. As a precaution, ECRMC began sending letters to affected patients on May 7 to let them know this occurred.
ECRMC has no information that any of these documents were improperly viewed or accessed, or that any of the information in the documents has been misused in any way. To make sure our patients are protected, ECRMC is urging eligible patients who may be affected to use the resources the hospital is providing to check their credit and sign up for free credit monitoring.
The missing documents include patients’ x-rays, paper jackets containing the films, and sometimes written interpretations. The information involved may include patient names, dates of birth, addresses, medical record numbers, ECRMC account numbers, physicians’ names, diagnoses, radiology procedures, radiology interpretations, health insurance numbers, and in some instances Social Security numbers.
ECRMC no longer does business with the vendor. ECRMC has set up a call center for patients who have questions and has posted this information on its website at http://www.ecrmc.org/news-&-updates/&/view/event/id/118/.
ECRMC deeply regrets any concerns this may cause its patients. To help prevent something like this from happening again, ECRMC implemented additional security measures to further protect us and our patients against unlawful individuals, including the investment in a program that assists in the credentialing of vendors and their representatives.
SOURCE: El Centro Regional Medical Center
The substitute notice linked from their home page:
El Centro Regional Medical Center (“El Centro”) is committed to protecting the privacy and security of the information we maintain on behalf of our patients. Regrettably, this notice concerns some of that information.
On March 22, 2013, law enforcement notified El Centro that x-rays we had provided to a trusted vendor for digitization and destruction were missing from a storage warehouse and may not have been properly destroyed. We immediately began a thorough internal investigation to determine what happened to the x-rays, but we have been unable to find the missing x-rays and have not been able to make contact with the vendor. The missing documents include patients’ x-rays, paper jackets containing the films, and sometimes a written interpretation. The information involved may include patient names, dates of birth, addresses, medical record numbers, El Centro account numbers, physicians’ names, diagnoses, radiology procedures, radiology interpretations, health insurance numbers, and in some instances Social Security numbers. We no longer do business with the vendor.
We have no information that any of these documents were viewed or improperly accessed, or that any of the information in the documents has been misused in any way.
We deeply regret any inconvenience this may cause you. To help prevent something like this from happening again, we are conducting a comprehensive internal review of our information security practices and procedures. We began sending letters to affected patients on May 7, 2013. If you believe you are affected but do not receive a letter by May 28, 2013, you may call toll-free 1-877-509-8356 Monday through Friday from 6:00 a.m. to 4:00 p.m. Pacific time.