HHS has added some more breach reports to its site. Most of them had not been reported in the mainstream media:
University Health System
State: Nevada
Approx. # of Individuals Affected: 7,526
Date of Breach: 6/11/10
Type of Breach: Theft
Location of Breached Information: Network Server
Comment: This one we knew about, but not the total number affected.
Private Practice Alma Aguado, MD P.A.
State: Texas
Approx. # of Individuals Affected: 600
Date of Breach: 5/29/10
Type of Breach: Theft
Location of Breached Information: Network Server
HHS’s web site was subsequently annotated and updated on the incident above to indicate that the private practitioner was Alma Aguado, MD P.A.
Children’s Hospital & Research Center at Oakland
State: California
Approx. # of Individuals Affected: 1,000
Date of Breach: 5/25/10 and 5/26/2010
Type of Breach: Other
Location of Breached Information: Paper
Private Practice Mary M. Desch, M.D.
State: Arizona
Approx. # of Individuals Affected: 5,893
Date of Breach: 5/15/10
Type of Breach: Theft
Location of Breached Information: Laptop
HHS’s web site was subsequently annotated and updated on the incident above to indicate that the private practitioner was Mary M. Desch, M.D.
Sinai Hospital of Baltimore, Inc.
State: Maryland
Business Associate Involved: Aramark Healthcare Support Services, Inc.
Approx. # of Individuals Affected: 937
Date of Breach: 5/03/10
Type of Breach: Other
Location of Breached Information: E-mail
Private Practice Nihal Saran, MD
State: Michigan
Approx. # of Individuals Affected: 2,300
Date of Breach: 5/02/10
Type of Breach: Theft
Location of Breached Information: Laptop
HHS’s web site was subsequently annotated and updated on the incident above to indicate that the private practitioner was Nihal Saran, MD. The annotated description reads:
A password protected laptop computer containing protected health information (PHI) was stolen from Dr. Saran’s personal residence. The laptop contained the PHI of approximately 2,300 individuals. The PHI stored on the laptop included patients’ names, addresses, dates of birth, Social Security numbers, insurance information, and diagnoses. Following the breach, Dr. Saran notified the Northville Township Police Department of the theft, contacted the individuals reasonably believed to have been affected by the breach, sent a notice of the breach to the Detroit Free Press and the Monroe News, and installed encryption software for its billing software.
Comprehensive Care Management Corporation
State: New York
Approx. # of Individuals Affected: 1,020
Date of Breach: 4/30/10
Type of Breach: Theft, Unauthorized Access
Location of Breached Information: Laptop, Desktop Computer, Network Server, E-mail
The Children’s Medical Center of Dayton
State: Ohio
Approx. # of Individuals Affected: 1,001
Date of Breach: 4/22/10
Type of Breach: Other
Location of Breached Information: E-mail
Updated 1-29-11 to add names and details.