DataBreaches.Net

And yet more updates to HHS's breach tool

Posted on July 23, 2012 by Dissent

HHS added another batch of reports to its breach tool last week.  Here are the ones I hadn’t known about already from either the media or reports to state attorneys general:

Upper Valley Medical Center,OH,,"15,000",10/01/2010-03/21/2012,Unauthorized Access/Disclosure,Other,7/3/2012,,

The breach went on for over one year? There doesn’t seem to be any media coverage of this breach, so I emailed UVMC last week to inquire and will update this entry when I get a response.

In researching this entry, though, I discovered that UVMC had a second, and more recent, breach involving a missing hard drive.

"Luz Colon, DPM Podiatry",FL,,"1,137",3/20/2012,"Theft, Loss",Laptop,7/3/2012,,

Another one where there was no media coverage that I can find. 

Independence Physical Therapy,CT,,925,8/1/2011,Theft,Desktop Computer,7/3/2012,,

The computer was stolen in August 2011 and we’re first learning of this now? I cannot find any archived news coverage of this one and there is nothing on IPT’s web site.

Titus Regional Medical Center,TX,,500, 3/29/2012, Theft,Other,7/3/2012,,

This appears to be TRMC’s second reported breach this year. On May 24th, they posted a notice on their web site that says, in part:

Public Notice 5/24/12 – EMS Laptop and X-Ray Storage Breach

In compliance with ARRA/HITECH provisions of HIPAA, the following is a public notification of lost and/or stolen patient information in two separate unrelated incidents:

On March 28, 2012, a laptop computer owned by Titus Regional Medical Center’s Emergency Medical Services was confirmed lost during a routine patient transportation. The laptop is not believed to have been stolen, rather inadvertently left on the fender of ambulance with subsequent fall and loss during route. The data was encrypted and password protected and the computer may have been damaged and rendered inoperable. There is a possibility that personal data, including name, address and social security number, as well as a limited amount of medical data related to the services provided by the EMS department could have been accessed in the unlikely event the computer was opened, running and undamaged.

Lutheran Community Services Northwest,WA,,756,03/29/2012-03/30/2012,Theft,"Desktop Computer, Other Portable Electronic Device",7/3/2012,,

In an undated notice on their web site, they explain, in part:

On March 30, 2012, we became aware that there had been a break-in at our Bremerton office. Computers and electronic devices were taken, some of which contained sensitive information. A police report was immediately filed and every effort made to recover the information.

A thorough assessment was conducted to determine what sensitive information may have been compromised. Every effort has been made to contact people whose information may have been affected. A total of 3,040 LCSNW clients, volunteers and staff were sent letters notifying them of the situation.

The kinds of sensitive information involved differed a lot by program, but could include:

  • Name, Address, Phone Number or Email
  • Date of Birth
  • Social Security Number
  • Driver’s License or Washington ID Number
  • Income or payment information about services received
  • Information about client conditions, treatment and/or service information or diagnosis

West Dermatology,CA,,"1,900",04/21/2012 – 04/22/2012,Theft,Other,7/3/2012,,

I could find no media coverage on this one nor any statement on their web site. Since they’re in California and the breach affected over 500, it’s not clear to me why this isn’t on California’s site.

Physician’s Automated Laboratory,CA,,745,03/23/2012 – 03/26/2012,Theft,Paper,7/3/2012,,

A notice dated May 23rd on their web site says, in part:

On March 26, 2012, we discovered that our Patient Service Center located at 2012 17th Street, Bakersfield California 93301 had been broken into and that, among other things, lab requisition forms which were kept in a locked cabinet were missing from the center. We were able to determine that the missing forms are related to certain laboratory services provided between February 1, 2012 and March 23, 2012. So, if you received services at this location during that timeframe, the confidential information taken may have contained your name, address, phone number, date of birth, insurance information, ordering practitioner’s name and laboratory tests ordered.

The Bakersfield Police Department was notified of the break-in for investigation and possible prosecution of the person(s) responsible. Since then, PAL has taken additional steps to ensure this type of information is more secure, as these documents are no longer kept at PAL patient service centers.

"Volunteer State Health Plan, Inc.",TN,,"1,102",03/16/2012-04/20/2012,Loss,Paper,7/3/2012,,

VSHP posted a notice on their site that says, in part:

Damaged Mail Leads to VSHP Information Disclosure

CHATTANOOGA, Tenn. — Volunteer State Health Plan (VSHP) has notified approximately 1,100 of its BlueCare members that some of their protected health information was lost last month when envelopes mailed to a West Tennessee clinic were damaged in shipping through the U.S. Postal Service. No patient addresses or Social Security numbers were among the data.

VSHP, a Medicaid managed care organization, investigated the report immediately and discovered that the damaged mail had been sent to Comprehensive Counseling Network. Each envelope contained a check to pay for medical visits and a list of claims for those visits. The checks were not damaged, but the lists of claims were lost at the post office. The postal service has not found them.

The data contained on the missing lists includes:

* First and last name of member
* BlueCare ID number
* Date of service
* Procedure code
* Claim number
* Total charged
* Amount paid
* Provider name and address

In addition to notifying BlueCare members about the incident, VSHP has implemented a new procedure of sending payments and claims lists in reinforced envelopes. This process will continue until clinics are transitioned to electronic fund transfer, eliminating the need to mail checks.

So there you have it: the HHS breach tool serves a valuable function in alerting us to the occurrence of incidents, but it generally fails to provide us with sufficient information to understand the incidents. I continue to think that HHS should be posting more details about incidents.

Category: Health Data
