DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Leak of Emory patient records could affect thousands

Posted on October 24, 2011 by Dissent

David Ibata reports on a breach that I covered on DataBreaches.net with a follow-up. In today’s developments, we learn that the breach also affected a healthcare entity:

Nine Emory Healthcare patients have become victims of identity theft in a case that could affect the records of as many as 7,000 people, Channel 2 Action News reported Monday.

The hospital bills of 32 patients at Emory’s orthopedic clinic were taken, and the Social Security numbers, dates of birth and other confidential information were used to file fraudulent tax returns in nine patients’ names, the hospital confirmed.

Investigators found evidence of document thefts in the home of Annette Ford, a former real estate broker from Suwanee who investigators said made about $2.5 million as a mid-level player in a massive identity fraud conspiracy.

[…]

No mention of Emory was made at the time.

Ford had no affiliation with the hospital but allegedly had an inside contact, a person formerly employed as a clerk.

The employee printed off the bills of more than 3,000 patients, Channel 2 reported. It did not disclose its sources for the information.

[…]

It was not clear Monday if the latest revelation of ID theft at Emory was connected to one reported by the AJC in February. Then, the hospital said the identifications of 77 orthopedic clinic patients had been stolen. Another 2,400 patients were notified that a theft had occurred.

Read more on AJC.

Kerry Kavanaugh also reports on the breach. With respect to the insider, Kavanaugh notes:

The hospital traced it all to one clerk. Sources close to the investigation tell Kavanaugh the same clerk printed off the bills of more than 3,000 patients.

“We don’t know that the employee was actually responsible for getting this information out there. As far as we know the information was not protected.”

Last month, Emory notified 7,300 patients about the breach with through a letter. It said an individual inappropriately printed billing information on patients. Emory fired the employee in July.

The letter also reminded patients to be vigilant when monitoring their credit and personal data.

Read more on WSBTV.com.

Did  Emory tell those notified that the data had not only been printed out but in at least some cases, given to an outsider who misused it for tax refund fraud? Wouldn’t their caution to be vigilant be more likely to have an impact if recipients knew that others had already been victimized?

There’s a lot puzzling about Emory’s actions in this case. Was this related to the breach report in February or was this a separate incident? The February incident was originally reported as a hacking incident but maybe the hack was an assumption when the feds tipped off the hospital that patient data had been misused for tax refund fraud.

Hopefully, Emory will issue a full and complete disclosure that answers some questions.

Category: Health Data

Post navigation

← T34MP0NY kathmandu.gov.np Costume Party
Anonymous tipster claims Internet security breach at Pan American Games →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Google agrees to pay Texas $1.4 billion data privacy settlement
  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.