DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NC: Prompt Med Fined for Improper Disposal of Records

Posted on May 22, 2010 by Dissent

Following up on a breach previously covered here and here, the North Carolina Attorney General’s Office released this statement yesterday:

A Greensboro urgent care center has paid $50,000 because its patients’ financial and medical information were illegally disposed of in a dumpster, Attorney General Roy Cooper announced Friday.

“When you share your personal information with a business, you expect it to be secure,” Cooper said, “Businesses have a duty to make sure your information isn’t just thrown in the trash where identity thieves or other criminals could find it.”

Under a state law that Cooper pushed through the General Assembly in 2005, businesses that dispose of personal identifying information are required to destroy or shred those records, so that identity thieves can’t retrieve information from discarded files that have been carelessly thrown away.

However, four boxes of patient records from the Prompt Med at 3402 Battleground Avenue in Greensboro were found in a dumpster at East Cone Boulevard and Summit Avenue in August 2009. Approximately 600 files were recovered containing personal information on 757 individuals. The records contained names, addresses, dates of birth, Social Security numbers, drivers’ license numbers, and insurance account numbers, as well as personal health information.

Cooper launched an investigation into the illegal dumping of the records, which resulted in the settlement announced today.

Under the settlement, Prompt Med is permanently barred from improperly disposing of patient records and has paid $50,000, including $26,650 in civil penalties that will go to public schools. The remaining $23,350 will go to fund consumer protection education and enforcement efforts, and to cover the costs of the Attorney General’s investigation into the company. In addition, Prompt Med also paid an additional $50 for proper destruction of the illegally dumped records.

At the request of the Attorney General’s office, Prompt Med previously reported the incident as a security breach and notified consumers whose information was placed at risk. A security breach happens when records containing personal information are lost, stolen or inappropriately displayed.

North Carolina law requires businesses as well as state and local government agencies to notify consumers if a security breach may have compromised their personal information. They must also report breaches to the Consumer Protection Division. A total of 471 breaches involving information about more than 2.2 million North Carolina consumers have been reported since state laws on security breaches took effect in 2005 and 2006.

Cooper’s office found out about the dumping of Prompt Med records thanks to reports from a local television station. Based on information from concerned citizens, local law enforcement, and reporters, the Attorney General’s Consumer Protection Division is currently investigating several other cases of reported document dumping by a non-profit in Charlotte, a mortgage lender in Morehead City, a doctor’s office in Roanoke Rapids, and a business in Caldwell County.

Anyone with information about a business that isn’t following the law to destroy old records and protect consumers from identity theft is encouraged to report it by calling 1-877-5-NO-SCAM toll-free within North Carolina. Consumers and businesses can also visit www.ncdoj.gov for simple ways to fight identity theft and an online complaint form.

“Businesses owe it to their customers to keep their personal information safe,” said Cooper. “If you spot a business that’s making it too easy for criminals to get their hands on your information, let my office know about it.”

Investing $50 in shredding could have saved the company $50,000. There’s probably a lesson in there somewhere.

Kudos to the NC Attorney General’s Office for investigating and pursuing these cases.

Category: Health Data

Post navigation

← Ie: ‘Reckless’ data breaches should be prosecuted
NC: Prompt Med Fined for Improper Disposal of Records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.