DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Leak of Emory patient records could affect thousands

Posted on October 24, 2011 by Dissent

David Ibata reports on a breach that I covered on DataBreaches.net with a follow-up. In today’s developments, we learn that the breach also affected a healthcare entity:

Nine Emory Healthcare patients have become victims of identity theft in a case that could affect the records of as many as 7,000 people, Channel 2 Action News reported Monday.

The hospital bills of 32 patients at Emory’s orthopedic clinic were taken, and the Social Security numbers, dates of birth and other confidential information were used to file fraudulent tax returns in nine patients’ names, the hospital confirmed.

Investigators found evidence of document thefts in the home of Annette Ford, a former real estate broker from Suwanee who investigators said made about $2.5 million as a mid-level player in a massive identity fraud conspiracy.

[…]

No mention of Emory was made at the time.

Ford had no affiliation with the hospital but allegedly had an inside contact, a person formerly employed as a clerk.

The employee printed off the bills of more than 3,000 patients, Channel 2 reported. It did not disclose its sources for the information.

[…]

It was not clear Monday if the latest revelation of ID theft at Emory was connected to one reported by the AJC in February. Then, the hospital said the identifications of 77 orthopedic clinic patients had been stolen. Another 2,400 patients were notified that a theft had occurred.

Read more on AJC.

Kerry Kavanaugh also reports on the breach. With respect to the insider, Kavanaugh notes:

The hospital traced it all to one clerk. Sources close to the investigation tell Kavanaugh the same clerk printed off the bills of more than 3,000 patients.

“We don’t know that the employee was actually responsible for getting this information out there. As far as we know the information was not protected.”

Last month, Emory notified 7,300 patients about the breach with through a letter. It said an individual inappropriately printed billing information on patients. Emory fired the employee in July.

The letter also reminded patients to be vigilant when monitoring their credit and personal data.

Read more on WSBTV.com.

Did  Emory tell those notified that the data had not only been printed out but in at least some cases, given to an outsider who misused it for tax refund fraud? Wouldn’t their caution to be vigilant be more likely to have an impact if recipients knew that others had already been victimized?

There’s a lot puzzling about Emory’s actions in this case. Was this related to the breach report in February or was this a separate incident? The February incident was originally reported as a hacking incident but maybe the hack was an assumption when the feds tipped off the hospital that patient data had been misused for tax refund fraud.

Hopefully, Emory will issue a full and complete disclosure that answers some questions.

Category: Health Data

Post navigation

← T34MP0NY kathmandu.gov.np Costume Party
Anonymous tipster claims Internet security breach at Pan American Games →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.