DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HHS tool reveals three more breaches

Posted on October 19, 2012 by Dissent

Today’s update of HHS’s breach tool reveals three more breaches not previously reported on this blog:

Sierra Plastic Surgery in Nevada was hacked or had a network compromise between August 19, 2011 and September 20, 2011, but are apparently just reporting it to HHS now – unless HHS mistyped the year of the incident twice. The incident affected 800, and I can’t find any notice on Sierra’s web site or anywhere on the web or in news sources. Nor is it clear whether the web site was hacked, where potential patients enter some personal information, or if their office server was hacked. [Update: See blog entry of Nov. 27 with details on the above breach.]

Valley Plastic Surgery, P.C. in Virginia reported 4,873 patients were affected by an electronic device stolen on July 15. Again, I can find no web site or notification describing this incident.

Colon & Digestive Health Specialists in Arizona reported a breach involving a vendor, Ecco Health, LLC that affected 5,713 patients. The breach involved a lost flash drive and occurred on July 16. I was able to locate a notice that had been linked from their home page. The letter, dated August 30, explains:

In order to better serve our patients and to meet new federal electronic health record regulations, we are in the process of converting prior patient records into a computerized database. We contracted with a well-known electronic medical record consulting firm to assist us in that large and labor-intensive endeavor. As part of that process, the consulting firm mailed a flash drive containing these computerized records to our office. Unfortunately, when the envelope was received by Colon & Digestive Health Specialists, it was empty.
Please note that we have no indication that the flash drive was stolen or intentionally removed from its envelope. Rather, it is believed that the envelope was torn when it was sent through the United States’ Postal Service sorting machine, causing the envelope’s contents to fall out while the envelope was en route to our office.

[…]

The flash drive contained both patient electronic medical and billing records, including protected health information, names, social security numbers, dates of birth, addresses, telephone numbers, account numbers, and diagnoses. The consulting firm has informed us that this information was likely password-protected such that it would be difficult to access the data without significant computer expertise.

“Likely password-protected?” They don’t know for sure? That’s not good.

Related posts:

  • Latest update to HHS breach tool discloses previously unknown breaches
Category: Health Data

Post navigation

← VA Computers Remain Unencrypted, Years After Breach
More on the Great River Entertainment breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.