HHS updates breach tool

Posted on by Dissent

HHS has added 17 incidents to its breach tool. Some of the incidents we already knew about, but here are the ones that are new to me or that add new details:

Awklein ,CA,,”2,000″,2/1/2011,Theft,Other,6/8/2012,,
I cannot find any information on this breach via a Google search.

“Stephen Haggard, DPM Podiatry”,WA,,”1,597″,3/4/2012,Theft,Network Server,6/8/2012,,
Dr. Haggard published a substitute notice/classified ad about the breach on April 22nd, but the notice is no longer available.

“Safe Ride Services, Inc”,AZ,,”42,000″,8/31/2011 -1/31/2012,”Unauthorized Access/Disclosure, Hacking/IT incident”,Network Server,6/8/2012,,
A May 1st notice posted on Safe Ride’s web site says, in part:

In February, Safe Ride Services discovered that a former employee may have accessed computer systems without authorization and deleted service files which included patient demographic and insurance information. The file has since been restored and the information is secure. The system also includes employee personal information, but there is no evidence that any information was taken or misused.

SHIELDS For Families,CA,,961,2/27/2012,Theft,Network Server,6/8/2012,,
A hard-to-find notice on their web site says, in part:

SHIELDS For Families is hereby notifying you of the recent theft of your personal information. We became aware of this breach on 2/28/12. We believe the breach occurred on or around 2/27/12. The incident occurred as follows:

After operating hours on 2/27/12, an unknown person or persons gained access to the second-floor attic area of our Achieving Change Together (ACT) program located at 9624 S. Compton Avenue, Los Angeles, CA 90002. The person or persons stole the program’s computer server, where personal information was stored, and other server components. The theft was discovered on February 28, 2012, when a staff member could not access the server’s software. A subsequent inspection of the attic area revealed that the server, monitor and keyboard had been stolen. The police were notified on February 28, 2012 and a police report is on file. The identity of the person(s) responsible for the theft is still unknown.

We believe that as a result of the theft you and your family’s privileged health information was compromised. Examples of privileged health information include date of birth, address, treatment plans, and other types of personal information.

SHIELDS for Families conducted an exhaustive search, but was unable to identify the person or persons responsible for the theft. We deeply regret what has happened and if the culprit(s) are identified we will be seeking the severest penalties possible under HIPAA and CFR 42, Part 2.

There’s a lot more to the notice, but no offer of any free services.

Hogan Services Inc. Health Care Premium Plan,MO,,”1,134″,3/30/2012,Unauthorized Access/Disclosure,Email,6/8/2012,,
I haven’t found anything on this breach yet.

Ameritas Life Insurance Corp.,NE,,”3,000″,3/21/2012,Theft,Laptop,6/8/2012,,
I haven’t found anything on this breach yet.

St. Mary Medical Center,CA,,”3,900″,5/7/2012,Loss,Other Portable Electronic Device,6/8/2012,,
A notice posted on their site explains:

On May 8, 2012, we discovered that an unencrypted thumb drive was lost the previous day. The drive contained patient names, account numbers, diagnoses, dates of admission and discharge, physician’s name, account numbers and medical record numbers. To date, we have not been able to locate this thumb drive. The thumb drive did not contain patient social security numbers, driver’s license numbers or home addresses.

In some cases, the HHS breach tool update provides details not previously disclosed:

Category: Health Data