DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HHS starts to reveal healthcare breaches reported to government

Posted on February 23, 2010 by Dissent

When HITECH was passed as part of the stimulus bill, it introduced new data breach notification requirements, including a requirement that breaches of unsecured personal health information held by covered entities or their business associates affecting more than 500 individuals be reported to the U.S. Department of Health & Human Services.

The requirement was somewhat watered down in the final regulations that introduced a harm threshold for reporting, and it seems that HHS has decided that its obligation is to provide a summary of the reports filed by entities instead of uploading the actual reporting forms, but the web site for such reports is now displaying summary reports received by HHS since September 23, 2009.

Many of the incidents reported have never been revealed in the media even though affected individuals may have been notified:  23 of the 36 reports below were never previously reported on this site or PHIprivacy.net.

It is not clear why HHS is seemingly shielding the name of private practitioners as if the whole purpose of this provision of the HITECH Act was to inform the public, shielding the names of doctors does not further that goal.

In the following list, breaches indicated by  asterisks have not been reported in the media or included on this site previously.

The Methodist Hospital

State: Texas
Approx. # of Individuals Affected: 689
Date of Breach: 1/18/10
Type of Breach: Theft
Location of Breached Information: Computer

Carle Clinic Association

State: Illinois
Approx. # of Individuals Affected: 1,300
Date of Breach: 1/13/10
Type of Breach: Theft
Location of Breached Information: Paper Records and Films

** Ashley and Gray DDS

State: Missouri
Approx. # of Individuals Affected: 9,309
Date of Breach: 1/10/10
Type of Breach: Theft
Location of Breached Information: Desktop Computer

** Educators Mutual Insurance Association of Utah

State: Utah
Business Associate Involved: Health Behavior Innovations
Approx. # of Individuals Affected: 5,700
Date of Breach: 12/27/09
Type of Breach: Theft
Location of Breached Information: CDs

Goodwill Industries of Greater Grand Rapids, Inc.

State: Michigan
Approx. # of Individuals Affected: 10,000
Date of Breach: 12/15/09
Type of Breach: Theft
Location of Breached Information: Backup Tapes

** Private Practice

City and State: Stoughton, MA
Approx. # of Individuals Affected: 1,860
Date of Breach: 12/11/09
Type of Breach: Theft
Location of Breached Information: Portable Electronic Device/Electronic Medical Record

AvMed, Inc.

State: Florida
Approx. # of Individuals Affected: 359,000
Date of Breach: 12/10/09
Type of Breach: Theft
Location of Breached Information: Laptop

** Blue Island Radiology Consultants

State: Illinois
Business Associate Involved: United Micro Data
Approx. # of Individuals Affected: 2,562
Date of Breach: 12/09/09
Type of Breach: Loss
Location of Breached Information: Backup Tapes

** Private Practice

City and State: Wilmington, NC
Business Associate Involved: Rick Lawson, Professional Computer Services
Approx. # of Individuals Affected: 2,000
Date of Breach: 12/08/09
Type of Breach: Hacking/IT Incident
Location of Breached Information: Computer/Network Server/Electronic Medical Record

Kaiser Permanente Medical Care Program

State: California
Approx. # of Individuals Affected: 15,500
Date of Breach: 12/01/09
Type of Breach: Theft
Location of Breached Information: Portable Electronic Device

University of California, San Francisco

State: California
Approx. # of Individuals Affected: 7,300
Date of Breach: 11/30/09
Type of Breach: Theft
Location of Breached Information: Laptop

Detroit Department of Health and Wellness Promotion

State: Michigan
Approx. # of Individuals Affected: 646
Date of Breach: 11/26/09
Type of Breach: Theft
Location of Breached Information: Laptop, Desktop Computer

** Advocate Health Care

State: Illinois
Approx. # of Individuals Affected: 812
Date of Breach: 11/24/09
Type of Breach: Theft
Location of Breached Information: Laptop

** Concentra

State: Texas
Approx. # of Individuals Affected: 900
Date of Breach: 11/19/09
Type of Breach: Theft
Location of Breached Information: Laptop

** Children’s Medical Center of Dallas

State: Texas
Approx. # of Individuals Affected: 3,800
Date of Breach: 11/19/09
Type of Breach: Loss
Location of Breached Information: Portable Electronic Device

Universal American, Inc.

State: New York
Business Associate Involved: Democracy Data & Communications, LLC
Approx. # of Individuals Affected: 83,000
Date of Breach: 11/12/09
Type of Breach: Incorrect Mailing
Location of Breached Information: Postcards

Massachusetts Eye and Ear Infirmary

State: Massachusetts
Approx. # of Individuals Affected: 1,076
Date of Breach: 11/10/09
Type of Breach: Theft
Location of Breached Information: Other

Kern Medical Center

State: California
Approx. # of Individuals Affected: 596
Date of Breach: 10/31/09
Type of Breach: Theft
Location of Breached Information: Paper Records

** Blue Cross Blue Shield Association

State: District of Columbia
Business Associate Involved: Service Benefits Plan Administrative Services Corp.
Approx. # of Individuals Affected: 3,400
Date of Breach: 10/26/09
Type of Breach: Unauthorized Access
Location of Breached Information: Mailings

Detroit Department of Health and Wellness Promotion

State: Michigan
Approx. # of Individuals Affected: 10,000
Date of Breach: 10/22/09
Type of Breach: Theft
Location of Breached Information: Portable Electronic Device

The Children’s Hospital of Philadelphia

State: Pennsylvania
Approx. # of Individuals Affected: 943
Date of Breach: 10/20/09
Type of Breach: Theft
Location of Breached Information: Laptop

** Public Employee Health Insurance Plan (Kentucky Employees’ Health Plan)

State: Kentucky
Approx. # of Individuals Affected: 676
Date of Breach: 10/20/09
Type of Breach: Misdirected E-mail
Location of Breached Information: E-mail

** Brooke Army Medical Center

State: Texas
Approx. # of Individuals Affected: 1,000
Date of Breach: 10/16/09
Type of Breach: Theft
Location of Breached Information: Paper Records

** Alaska Department of Health and Social Services

State: Alaska
Approx. # of Individuals Affected: 501
Date of Breach: 10/12/09
Type of Breach: Theft
Location of Breached Information: Portable USB Device

** Cogent Healthcare of Wisconsin, S.C.

State: Tennessee
Business Associate Involved: Cogent Healthcare, Inc.
Approx. # of Individuals Affected: 6,400
Date of Breach: 10/11/09
Type of Breach: Theft
Location of Breached Information: Laptop

** Health Services for Children with Special Needs, Inc.

State: District of Columbia
Approx. # of Individuals Affected: 3,800
Date of Breach: 10/09/09
Type of Breach: Loss
Location of Breached Information: Laptop

** Blue Cross Blue Shield Association

State: District of Columbia
Business Associate Involved: Merkle Direct Marketing
Approx. # of Individuals Affected: 15,000
Date of Breach: 10/07/09
Type of Breach: Unauthorized Access
Location of Breached Information: Mailings

Blue Cross Blue Shield of Tennessee

State: Tennessee
Approx. # of Individuals Affected: 500,000
Date of Breach: 10/02/09
Type of Breach: Theft
Location of Breached Information: Hard Drives

** City of Hope National Medical Center

State: California
Approx. # of Individuals Affected: 5,900
Date of Breach: 9/27/09
Type of Breach: Theft
Location of Breached Information: Laptop

** Private Practice

City and State: Torrance, CA
Approx. # of Individuals Affected: 6,145
Date of Breach: 9/27/09
Type of Breach: Theft, Unauthorized Access
Location of Breached Information: Desktop Computer

** Private Practice

City and State: Torrance, CA
Approx. # of Individuals Affected: 5,166
Date of Breach: 9/27/09
Type of Breach: Theft, Unauthorized Access
Location of Breached Information: Desktop Computer

** Private Practice

City and State: Torrance, CA
Approx. # of Individuals Affected: 5,257
Date of Breach: 9/27/09
Type of Breach: Theft, Unauthorized Access
Location of Breached Information: Desktop Computer

** Private Practice

City and State: Torrance, CA
Approx. # of Individuals Affected: 857
Date of Breach: 9/27/09
Type of Breach: Theft, Unauthorized Access
Location of Breached Information: Desktop Computer

** Private Practice

City and State: Torrance, CA
Approx. # of Individuals Affected: 952
Date of Breach: 9/27/09
Type of Breach: Theft, Unauthorized Access
Location of Breached Information: Desktop Computer

** University of California, San Francisco

State: California
Approx. # of Individuals Affected: 610
Date of Breach: 9/22/09
Type of Breach: Phishing Scam
Location of Breached Information: Email

** Mid America Kidney Stone Association, LLC

State: Missouri
Approx. # of Individuals Affected: 1,000
Date of Breach: 9/22/09
Type of Breach: Theft
Location of Breached Information: Network Server

Cross-posted from PHIprivacy.net

[Corrected to 23 out of 36; Universal American breach was previously known.]

Category: Breach IncidentsCommentaries and AnalysesHealth DataOf Note

Post navigation

← Ca: Alarming breach in privacy investigated at London school
Another business sues its bank over unauthorized ACH transactions →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.