Last year, New York State began posting logs of breach reports they receive. Entities experiencing a breach are required to inform the state how many NYS residents were involved, but are not required to indicate the total number of individuals affected.
Unfortunately, their logs do not indicate precisely whether the NYS residents affected are employees, clients, or patients of the breached entity, and do not indicate what kinds of personal information were involved — SSN, financial, medical, etc. With that frustration in mind, here are some of the breaches that have showed up in the logs for April. An asterisk means that the breach has not been reported in the mainstream media, to date. In asterisked cases, I did try to search for a notification on the entity’s web site, if they have one:
AvMed, Inc. — Stolen computer — 500 NYS residents affected
Comment: AvMed notified HHS that a laptop stolen on December 10, 2009 contained information on 359,000. In February, the Gainesville Sun reported that 208,000 subscribers and their dependents had protected health information on the stolen laptop.
* Preferred Health Partners — Unauthorized access — 661 NYS residents affected
Affinity Health Plan, Inc. Inadvertent disclosure — PII on hard drive — 409,262 people affected, total.
Comment: This is the breach involving a copier hard drive that was returned to a leasing company and purchased by CBS. It is not clear how many other copier hard drives Affinity Health Plan may have also had that stored data. The number of affected individuals was first revealed by PHIprivacy.net based on NYS’s logs.
* Praxair Healthcare Services, Inc./Home Care Supply, Inc. — Stolen computer — 4,994 affected
Comment: This was not reported in the media, but there is a statement on their web site indicating that clients had their names and other personal and/or health-related information on the stolen laptop.
* Dutchess County DDS — Inadvertent disclosure — 1 NYS resident affected
* Health Plus Prepaid Health Services Plan — Stolen computer — 56 NYS residents affected
* Emergency Healthcare Physicians, Ltd — Stolen hard drive — 115 NYS residents affected