DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Five newly revealed breaches on HHS's web site

Posted on December 10, 2010 by Dissent

With its most recent update, the HHS breach tool site added nine breach reports. We knew about some of them already (the Oklahoma City VA incident, the Triple-Salud breach in Puerto Rico that had been reported by the Puerto Rico Dept. of Health, and the University of Tennessee Medical Center incident), but some of them had not been in the media or previously reported on this blog:

Memorial Hospital of Gardena (California) reported that a breach involving “Unauthorized Access/Disclosure” of paper records on October 14 affected 771 patients. No statement appears on the hospital’s web site at the time of this posting, nor can I find any media coverage via a Google search.

The Albert Einstein Healthcare Network in Pennsylvania reported that 613 patients had protected health information on a desktop computer that was stolen on October 21. No statement appears on the hospital’s web site at the time of this posting, nor can I find any media coverage via a Google search.

Kings County Hospital Center (Brooklyn, NY) reported that 542 patients had PHI on a desktop computer that was stolen on August 22. The incident was posted to HHS’s site on December 10, raising questions in my mind as to whether there was a significant delay in reporting the breach, and if so, why. No statement appears on the hospital’s web site at the time of this posting, nor can I find any media coverage via a Google search.

The Newark Beth Israel Medical Center in New Jersey reported that 1,744 patients were affected by a breach involving Professional Transcription Company, Inc. on or about January 1, 2010. On its web site, the hospital posted a notice:

On September 24, 2010, we discovered that Professional Transcription Company (“PTC”) (a company that assists us in transcribing dictated physician reports) posted clinical reports on a website portal of PTC. This website contained a clinical report regarding your care at our Hospital, which may have included your full name, medical record number, hospital account number, physician name, date of birth, diagnosis and other clinical information about you in the form of an operative report, a discharge summary or physician consultation report. The website did not include your address, social security number, financial information or other identifiable information about you.

PTC believes that your information may have been posted on the website for up to ten months, although we have no information to indicate that your information was actually viewed by any unauthorized individuals. PTC has provided us with assurances that PTC has removed your information from the website.

We have been following-up with PTC regarding this incident. We have demanded that PTC complete a thorough investigation of how and when this incident occurred. PTC has told us that the company is performing a complete security assessment of their computer systems in order to identify and implement measures necessary to avoid similar incidents in the future.

We are sending letters to those patients whose information was included on the website and for whom we have addresses. Although no patient financial information was included, if a patient becomes aware of any suspicious activity, he/she should report it immediately to his/her financial institution and/or the authorities. If a patient has any questions regarding this incident, please call us at (732) 557-3949 (phone lines staffed Monday through Friday, 9:00 a.m. to 5 p.m.) or email us at [email protected].

The Hospital considers the security of patient information to be of the utmost importance. For this reason, we will continue to uphold our commitment to protecting your personal information.

This is the second incident involving the hospital this year. In both cases, the breach involved a contractor or business associate of the Saint Barnabas Health System.

Ochsner Health System in Louisiana reported that H.E.L.P. Financial Corporation had a breach affecting 9,475 patients’ protected health information. The breach occurred on or about September 27. A notice posted to Ochsner’s web site on December 8 states:

On October 4, 2010, Ochsner Health System was notified by some of our patients that letters sent out by the HELP Financial Corporation (765 Wing Street, Plymouth, MI 48170) on behalf of Ochsner contained incorrect patient information. These patients indicated the name, medical record number, account number, and account balance on the letter did not match the records for the person to whom the letter was mailed. Ochsner has a contract with HELP to assist patients with payment arrangements for their outstanding hospital and/or clinic account balances.

Ochsner’s investigation revealed that the mistake was the result of a programming error at HELP Financial Corporation. HELP has identified how the problem occurred and has assured Ochsner that the problem has been corrected. HELP has also adjusted their procedures to ensure that another programming error does not occur. These changes include re-testing of programming changes, strengthening of their quality control procedures, and adding an additional layer of inspections to the patient letters.

This error did not affect any patients’ Ochsner account balance, financial records, and/or medical record. Medical information and social security numbers were not disclosed as a result of HELP’s error. In addition, no patient is able to access another patient’s medical records or financial records using the incorrect information on the letters they received.

At Ochsner, ensuring the privacy and confidentiality of our patients is our top priority. We deeply regret this occurrence and any inconvenience it may have caused. The protection of our patients’ private information is important to Ochsner Health System, and we are committed to maintaining and improving the security of our patients’ personal and financial information.

Any Ochsner patient affected by this error will receive a notification letter from Ochsner. Ochsner urges any patients with questions or concerns regarding this notification or the letter they receive to please contact Ochsner Health System at 1-877-356-1663.

For additional information, contact Stafford Scott, Senior Public Relations Specialist, at 504-842-9143.

Related posts:

  • LA: Ochsner reports hard drive, patient records missing
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
  • Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Category: Health Data

Post navigation

← Ie: Details of 500,000 GAA members compromised
SWIRCA laptop computer stolen →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.