DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HHS web site update reveals another new breach

Posted on September 2, 2010 by Dissent

In its most recent update, HHS added seven reports to its site. Interestingly, we already knew something about six of the incidents via notices on the entities’ web sites or media coverage, which I attribute to HITECH’s new requirements.  Entities realize that they have to disclose and are getting the information out more promptly and visibly.

With respect to previously known breaches, I noted that:

  • The Baylor College of Medicine breach involving a stolen laptop, disclosed by Baylor in July,  reportedly  affected 694 patients. The notice on Baylor’s web site had indicated 1600 patients.
  • Holyoke Medical Center, whose patient records were found at a dump after being improperly disposed of by a business associate, notified HHS that 24,750 patients were affected. Their initial statement had indicated that it appeared that Pioneer Valley Pathology Associates had provided services to between 16,000 and 24,000 patients during this period of time.
  • The burglary at Eastmoreland Surgical Clinic affected 4,328 patients. Hopefully ID Experts will consider simply adding such information to future press releases on behalf of their clients. Certainly, their decision to not disclose the numbers in their press release resulted in this second blog entry instead of it being just a one-entry incident.

The one new (to us) disclosure on HHS’s site is a report by Chattanooga Family Practice Associates, who reported that 1,711 patients had protected health information on a lost portable electronic device. The loss reportedly occurred on July 15.    Checking the entity’s web site, I see the following notice:

On 07/15/2010 we had a potential disclosure of part of a select group of patient’s medical records. This occurred to a secondary backup device called a flash drive being reported lost. It is our opinion that it was most likely accidentally disposed of by our house cleaning staff. The information on this drive was for a specific period of time and included the patient name, date of birth and purpose of the visit. It did not contain any Medicare numbers, Social Security numbers or any other financial or identifying information. The main computer system has not been breached nor can it be breached through this lost device. We have identified the names of the patients involved and a letter has been sent to each patient identified. We have also reviewed our process and made corrective actions to prevent this from occurring again. If you have any questions regarding this potential disclosure, please call our administrator, Laura Watkins at (423) [redacted].

In their opinion?  That kind of reassurance may dissuade people from taking steps to protect themselves.  Could cleaning staff have stolen it?  Could there be some other explanation? When you don’t know what happened, I think it is best to say “Let’s hope for the best, but prepare for the worst.”

No related posts.

Category: Health Data

Post navigation

← MO: Union pension mailer reveals recepient’s Social Security numbers
Cyber Thieves Steal Nearly $1,000,000 from University of Virginia College →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.