DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Leak of Emory patient records could affect thousands

Posted on October 24, 2011 by Dissent

David Ibata reports on a breach that I covered on DataBreaches.net with a follow-up. In today’s developments, we learn that the breach also affected a healthcare entity:

Nine Emory Healthcare patients have become victims of identity theft in a case that could affect the records of as many as 7,000 people, Channel 2 Action News reported Monday.

The hospital bills of 32 patients at Emory’s orthopedic clinic were taken, and the Social Security numbers, dates of birth and other confidential information were used to file fraudulent tax returns in nine patients’ names, the hospital confirmed.

Investigators found evidence of document thefts in the home of Annette Ford, a former real estate broker from Suwanee who investigators said made about $2.5 million as a mid-level player in a massive identity fraud conspiracy.

[…]

No mention of Emory was made at the time.

Ford had no affiliation with the hospital but allegedly had an inside contact, a person formerly employed as a clerk.

The employee printed off the bills of more than 3,000 patients, Channel 2 reported. It did not disclose its sources for the information.

[…]

It was not clear Monday if the latest revelation of ID theft at Emory was connected to one reported by the AJC in February. Then, the hospital said the identifications of 77 orthopedic clinic patients had been stolen. Another 2,400 patients were notified that a theft had occurred.

Read more on AJC.

Kerry Kavanaugh also reports on the breach. With respect to the insider, Kavanaugh notes:

The hospital traced it all to one clerk. Sources close to the investigation tell Kavanaugh the same clerk printed off the bills of more than 3,000 patients.

“We don’t know that the employee was actually responsible for getting this information out there. As far as we know the information was not protected.”

Last month, Emory notified 7,300 patients about the breach with through a letter. It said an individual inappropriately printed billing information on patients. Emory fired the employee in July.

The letter also reminded patients to be vigilant when monitoring their credit and personal data.

Read more on WSBTV.com.

Did  Emory tell those notified that the data had not only been printed out but in at least some cases, given to an outsider who misused it for tax refund fraud? Wouldn’t their caution to be vigilant be more likely to have an impact if recipients knew that others had already been victimized?

There’s a lot puzzling about Emory’s actions in this case. Was this related to the breach report in February or was this a separate incident? The February incident was originally reported as a hacking incident but maybe the hack was an assumption when the feds tipped off the hospital that patient data had been misused for tax refund fraud.

Hopefully, Emory will issue a full and complete disclosure that answers some questions.

Category: Health Data

Post navigation

← T34MP0NY kathmandu.gov.np Costume Party
Anonymous tipster claims Internet security breach at Pan American Games →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.