DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HHS updates breach tool (update 3)

Posted on September 21, 2012 by Dissent

HHS added 10 incidents to its breach tool in its most recent update. Somewhat depressingly, five of the incidents involved the theft of unencrypted laptops.

In terms of newly revealed details on known incidents, the University of Miami reported that it had notified 64, 846 patients of the insider breach involving theft and possible sale of patient “face sheets.”

The Howard University Hospital breach of  January 25th involving theft of a laptop was updated to reflect 66,601 patients notified. Initially, Howard University had reported  34,503 patients affected.

Here are some of the newly disclosed incidents that had not been previously mentioned on this blog:

Central States Southeast and Southwest Areas Health and Welfare Fund in Illinois notified 754 about an incident on July 31st involving “Unauthorized Access/Disclosure,Other” of paper records. There is no notice on their web site at this time and I can find no substitute notice or media coverage. They have not yet responded to a request for a statement explaining the breach.

Update 2:  Central States responded on September 23 saying that they promptly sent a notice to the affected individuals. They did not provide a copy of their notice, stating “The regulations do not authorize disclosure to the media in any other circumstances and disclosure of details of the breach could only increase the risk to the affected individuals.”

Well, the regulations do not actually prohibit disclosure to the media, either, so I disagree with them on that. And it’s not clear to me how being publicly transparent about a breach increases the risk to individuals, unless the data were lost and someone might suddenly go looking for them and find them.

Perhaps Central States doesn’t realize that their notification to HHS is subject to FOI. Eventually, we will get the details on this one.

Liberty Resources, Inc.” in Pennsylvania notified 3,183 of a laptop theft on August 4th. I cannot find any statement on their web site and I can find no media coverage or substitute notice. They have not yet responded to a request for a statement explaining the breach.

Update 3: Liberty Resources kindly provided a copy of their media notice.

Tricounty Behavioral Health Clinic in Acworth, Georgia notified 4,000 patients after a laptop was stolen on August 26th. They do not seem to have a web site, but I was able to locate a brief media report in the Rome News-Tribune under one of their doctor’s names:

An Acworth doctor had a laptop stolen from her office, according to a Cherokee County Sheriff’s Office report.

According to the report:

Someone broke into the office on Dr. Swarnalatha Inderjith, of 4661 Jefferson Township Lane, and stole a laptop that contained patient information on Aug. 27.

A 32-inch television was also stolen.

The doctor has set up a toll free number for patients or former patients to learn additional information. The number is 888-261-6360.

And yes, there seems to be a small discrepancy as to the date of the theft.

Charlotte Clark-Neitzel, MD of Olympia, Washington notified 942 patients following the July 24th theft of a laptop.  I was able to locate a cached copy of Sept. 11 substitute notice:

The home office of Charlotte B. Clark-Neitzel, M. D. was broken into on July 24, 2012. In addition to other personal items, the thieves stole both her medical bags and a laptop. The laptop contained access to Dr. Clark-Neitzels electronic medical record (EMR) system which was used daily to manage patient information. The Olympia Police Department was notified and is conducting their investigations. All affected patient notification letters were mailed on September 7, 2012. A thorough investigation shows that patient name, address, Social Security number, date of birth and medical information was included on the laptop. Patient billing and banking information was not stored on the laptop and therefore not breached. At this time there has been no indication of malicious use of patient information. Dr. Clark-Neitzel has hired ID Experts to aid in notification and provide services to affected patients. Patients with questions regarding this incident or to determine if they were affected can contact ID Experts at 1-800-809-2956. This public notice is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Dr. Clark-Neitzel has sent notification letters to the affected patients and the Department of Health and Human Services (HHS).

Update 1:  Notification to the NH Attorney General’s office

Lana Medical Care in Florida notified 500 patients after a laptop was stolen on August 18.  I can find no web site for the practice, nor any substitute notices under that name or under the names of two physicians associated with the practice.

As additional info becomes available, I’ll update this post.

Category: Health Data

Post navigation

← Transcend Capital notifies clients after server hacked last month
Ca: Privacy breach at College of the North Atlantic →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.