DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HHS updates breach tool (update 3)

Posted on September 21, 2012 by Dissent

HHS added 10 incidents to its breach tool in its most recent update. Somewhat depressingly, five of the incidents involved the theft of unencrypted laptops.

In terms of newly revealed details on known incidents, the University of Miami reported that it had notified 64, 846 patients of the insider breach involving theft and possible sale of patient “face sheets.”

The Howard University Hospital breach of  January 25th involving theft of a laptop was updated to reflect 66,601 patients notified. Initially, Howard University had reported  34,503 patients affected.

Here are some of the newly disclosed incidents that had not been previously mentioned on this blog:

Central States Southeast and Southwest Areas Health and Welfare Fund in Illinois notified 754 about an incident on July 31st involving “Unauthorized Access/Disclosure,Other” of paper records. There is no notice on their web site at this time and I can find no substitute notice or media coverage. They have not yet responded to a request for a statement explaining the breach.

Update 2:  Central States responded on September 23 saying that they promptly sent a notice to the affected individuals. They did not provide a copy of their notice, stating “The regulations do not authorize disclosure to the media in any other circumstances and disclosure of details of the breach could only increase the risk to the affected individuals.”

Well, the regulations do not actually prohibit disclosure to the media, either, so I disagree with them on that. And it’s not clear to me how being publicly transparent about a breach increases the risk to individuals, unless the data were lost and someone might suddenly go looking for them and find them.

Perhaps Central States doesn’t realize that their notification to HHS is subject to FOI. Eventually, we will get the details on this one.

Liberty Resources, Inc.” in Pennsylvania notified 3,183 of a laptop theft on August 4th. I cannot find any statement on their web site and I can find no media coverage or substitute notice. They have not yet responded to a request for a statement explaining the breach.

Update 3: Liberty Resources kindly provided a copy of their media notice.

Tricounty Behavioral Health Clinic in Acworth, Georgia notified 4,000 patients after a laptop was stolen on August 26th. They do not seem to have a web site, but I was able to locate a brief media report in the Rome News-Tribune under one of their doctor’s names:

An Acworth doctor had a laptop stolen from her office, according to a Cherokee County Sheriff’s Office report.

According to the report:

Someone broke into the office on Dr. Swarnalatha Inderjith, of 4661 Jefferson Township Lane, and stole a laptop that contained patient information on Aug. 27.

A 32-inch television was also stolen.

The doctor has set up a toll free number for patients or former patients to learn additional information. The number is 888-261-6360.

And yes, there seems to be a small discrepancy as to the date of the theft.

Charlotte Clark-Neitzel, MD of Olympia, Washington notified 942 patients following the July 24th theft of a laptop.  I was able to locate a cached copy of Sept. 11 substitute notice:

The home office of Charlotte B. Clark-Neitzel, M. D. was broken into on July 24, 2012. In addition to other personal items, the thieves stole both her medical bags and a laptop. The laptop contained access to Dr. Clark-Neitzels electronic medical record (EMR) system which was used daily to manage patient information. The Olympia Police Department was notified and is conducting their investigations. All affected patient notification letters were mailed on September 7, 2012. A thorough investigation shows that patient name, address, Social Security number, date of birth and medical information was included on the laptop. Patient billing and banking information was not stored on the laptop and therefore not breached. At this time there has been no indication of malicious use of patient information. Dr. Clark-Neitzel has hired ID Experts to aid in notification and provide services to affected patients. Patients with questions regarding this incident or to determine if they were affected can contact ID Experts at 1-800-809-2956. This public notice is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Dr. Clark-Neitzel has sent notification letters to the affected patients and the Department of Health and Human Services (HHS).

Update 1:  Notification to the NH Attorney General’s office

Lana Medical Care in Florida notified 500 patients after a laptop was stolen on August 18.  I can find no web site for the practice, nor any substitute notices under that name or under the names of two physicians associated with the practice.

As additional info becomes available, I’ll update this post.


Related:

  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • North Country Healthcare responds to Stormous's claims of a breach
  • Texas Enacts Electronic Health Record Data Localization Law
Category: Health Data

Post navigation

← Transcend Capital notifies clients after server hacked last month
Ca: Privacy breach at College of the North Atlantic →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • White House ordered to restore Medicaid funding to Planned Parenthood clinics
  • California Attorney General Announces $1.55M CCPA Settlement with Healthline.com
  • Canada’s Bill C-2 Opens the Floodgates to U.S. Surveillance
  • Wiretap Suits Pit Old Privacy Laws Against New AI Technology
  • Action against tiny Scottish charity sparks huge ICO row
  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.