As a small update to the Holy Cross Hospital breach reported previously on this site:
Holy Cross’s report to HHS indicates that 1500 patients were affected by the July 27th theft of paper records. It’s not clear why the hospital took until Dec. 2 to report the incident to HHS as it had publicly revealed the incident on Nov. 11. Nor is it clear whether they will be fined for delayed notification HHS, although somehow I doubt HHS will fine them as they don’t really seem to fine anyone!