DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

HHS tool reveals three more breaches

Posted on October 19, 2012 by Dissent

Today’s update of HHS’s breach tool reveals three more breaches not previously reported on this blog:

Sierra Plastic Surgery in Nevada was hacked or had a network compromise between August 19, 2011 and September 20, 2011, but are apparently just reporting it to HHS now – unless HHS mistyped the year of the incident twice. The incident affected 800, and I can’t find any notice on Sierra’s web site or anywhere on the web or in news sources. Nor is it clear whether the web site was hacked, where potential patients enter some personal information, or if their office server was hacked. [Update: See blog entry of Nov. 27 with details on the above breach.]

Valley Plastic Surgery, P.C. in Virginia reported 4,873 patients were affected by an electronic device stolen on July 15. Again, I can find no web site or notification describing this incident.

Colon & Digestive Health Specialists in Arizona reported a breach involving a vendor, Ecco Health, LLC that affected 5,713 patients. The breach involved a lost flash drive and occurred on July 16. I was able to locate a notice that had been linked from their home page. The letter, dated August 30, explains:

In order to better serve our patients and to meet new federal electronic health record regulations, we are in the process of converting prior patient records into a computerized database. We contracted with a well-known electronic medical record consulting firm to assist us in that large and labor-intensive endeavor. As part of that process, the consulting firm mailed a flash drive containing these computerized records to our office. Unfortunately, when the envelope was received by Colon & Digestive Health Specialists, it was empty.
Please note that we have no indication that the flash drive was stolen or intentionally removed from its envelope. Rather, it is believed that the envelope was torn when it was sent through the United States’ Postal Service sorting machine, causing the envelope’s contents to fall out while the envelope was en route to our office.

[…]

The flash drive contained both patient electronic medical and billing records, including protected health information, names, social security numbers, dates of birth, addresses, telephone numbers, account numbers, and diagnoses. The consulting firm has informed us that this information was likely password-protected such that it would be difficult to access the data without significant computer expertise.

“Likely password-protected?” They don’t know for sure? That’s not good.

Category: Health Data

Post navigation

← VA Computers Remain Unencrypted, Years After Breach
More on the Great River Entertainment breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.