DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Greenville Hospital System: boxes of business records with patient info from Allen Bennett Memorial Hospital found in unsecured storage building

Posted on June 7, 2011 by Dissent

Earlier this year, Greenville Hospital System University Medical Center notified patients of a breach  that does not appear on HHS’s breach tool.   Kudos to  GreenvilleOnline.com for noticing it and reporting on it.

The undated notice, which is prominently linked from Greenville’s home page, appears to have been created on February 4, 2011:

On December 31, 2010, Greenville Hospital System received notification from a local news station that the station had received an anonymous report that boxes containing patient information were located in a storage structure behind the building which was formerly Allen Bennett Memorial Hospital.  As residents of the greater Greenville area know, Allen Bennett Memorial Hospital was closed in August of 2008, when Greer Memorial Hospital was opened, and the Allen Bennett building was donated to the city of Greer.  The building was recently sold to Cardinal Real Estate Group, Inc. and is currently unoccupied.  The storage structure in question is located at the very back of the property, immediately behind a Greenville County EMS building.

After receiving notification, our first and immediate step was to dispatch our personnel to retrieve the boxes from the storage structure.  The boxes are in our possession and are secure. We then began an investigation to determine the content of the boxes, how they came to be in the storage structure and, most importantly, whether the boxes had been accessed by any unauthorized persons and whether additional boxes had been in the storage structure and might have been removed by unauthorized persons.

Here is what we have found, as of February 4, 2011:

  • There were twenty two boxes in the storage structure.  The boxes contained business office documents of Allen Bennett Memorial Hospital dating from 1990 to 1999.
  • There were no medical records in the  boxes.  However, the business office documents included sign-in sheets (with patient name, time and date of registration, and complaint or reason for visit), cash receipts (with patient name and amount of payment), patient insurance information, face sheets (including diagnosis or treatment), and admission reports (with patient name, date of birth, date of service and some with Social Security Numbers).  Also included were certain documents without patient information, such as cash count sheets.  These documents contain information related to less than half of the patients treated at Allen Bennett Memorial Hospital during this time period.
  • Until the late 1980s, when secure storage space was added in the basement of the Allen Bennett Memorial Hospital building, Hospital business office records were in fact stored in the storage structure, which was secured.  We interviewed several individuals who worked in the business office of the Hospital during the relevant period. No one interviewed recalls moving the boxes in question to the storage structure or putting the boxes directly in the structure.
  • We requested our independent, contracted security service to examine the storage structure, to determine if there was evidence that the boxes in the storage structure were limited to the boxes that we recovered and to determine if there was any evidence that the materials in those boxes had been exposed to review by an unauthorized individual.  The investigation was conducted by a former law enforcement officer with expertise in criminal investigations. His report found that there were no signs that anyone  had been inside exploring because the interior of the storage structure and its contents did not show signs of disarray. He concluded, “It does not appear any criminal intent is present nor was there any evidence to show items have been removed from the property.”
  • We have interviewed current personnel  and physically searched the grounds of the former Allen Bennett Hospital and confirmed that there are no further business office or other documents of Allen Bennett Memorial Hospital stored in storage structures or otherwise left in or about the premises of the Hospital.

Based on our investigation, we have no basis to conclude that business office or other documents containing patient information had been removed from the storage structure or that any of the business office records that were recovered from the storage structure had been subject to any acquisition, access, use or disclosure by an unauthorized person that compromised the security or privacy of  the patient information those documents contained.

We will continue to monitor this situation for further developments or relevant information.  We are committed to candor and  transparency in matters that affect our patients and the communities that we serve and we understand and support the concerns of our community about the privacy of medical and personal information.  For that reason, we are providing this notice, so that individuals served by Allen Bennett Memorial Hospital during the period of 1990 to 1999 are aware of this deeply regrettable situation.

Information about medical and credit identity theft is available from the South Carolina Department of Consumer Affairs http://www.scconsumer.gov/education/id_theft.pdf and from the Federal Trade Commission http://www.ftc.gov/bcp/edu/microsites/idtheft/.

If you were a patient of Allen Bennett Memorial Hospital during the period 1990 to 1999, please contact us at this toll-free number 1-888-558-2228 if you have any questions.

Nice disclosure, although it’s not clear to me who was legally responsible for those hospital records. Did GHS take over all records or what is their connection to this?   And why doesn’t this appear on HHS’s breach tool?

Category: Health Data

Post navigation

← NC: Granville Co. school administration laptops stolen (updated)
Senator Leahy introduces Personal Data Privacy and Security Act of 2011 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.