DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Five breaches newly disclosed by HHS's breach tool

Posted on December 22, 2012 by Dissent

On Friday,  HHS   added 14 new incident reports to its breach tool. Half of them are organizations affected by the ADPI breach, and I’ve added their numbers to the list I’ve been keeping of affected organizations and number notified of that incident.

Another breach HHS added today was one already covered on this blog. That left five incidents we didn’t already know about:

Coastal Behavioral Healthcare, Inc. in Florida reported that 4,907 patients were notified of the theft of paper records back on April 11, 2011. A statement dated December 12 on Coastal’s web site says, in part:

Coastal Behavioral Healthcare, Inc. (“Coastal”) became aware of a breach of patient information on October 10, 2012 when a law enforcement officer contacted Coastal to report discovery of a list, dated April 2011, of approximately 136 Coastal patient names and identifying information found in a vehicle during a traffic stop.

Coastal has been conducting an internal investigation to determine how this information may have illegally been removed from Coastal premises and is cooperating fully with law enforcement in the prosecution of the individuals who possessed the information. As part of our investigation, we have determined that it is possible that additional patients may have been affected; therefore, to protect our patients we are notifying all patients whose information we believe could have been compromised.

James M. McGee, D.M.D., P.C. in Stone Mountain, Georgia reported that 1,306 dental patients were notified of a September 19, 2012 incident involving the theft of paper records. There is no statement on his web site that I can find and no media coverage that I can find at this time.

Robbins Eye Center in Bridgeport, Connecticut reported that 1,749 patients were notified after an October 7 incident involving theft of data (possibly theft of the computer itself?). There is no notice on their web site at this time, and I can find no media coverage or substitute notice.

Vidant Pungo Hospital in Belhaven, North Carolina notified 1,100 patients after an October 4 incident involving the improper disposal of paper records. I was able to find a breach notice linked from their home page. Of note, they report:

Specifically, the paper jackets that held one or more old radiology films were improperly discarded with office trash, picked up by a sanitation company, and disposed of in a landfill. The information contained on the paper jacket was limited to name, address, date of birth, age, sex, race and the date and name of the radiology procedure prior to May of 2012. The radiology films themselves were not disclosed, nor was any financial information.

Brigham and Women’s Hospital in Boston notified 615 patients after an October 16th incident. There is no notice on their web site at this time. Nor does there appear to have been any press release issued. Interpreting HHS’s “Theft, Desktop Computer” is a … well… it’s a crapshoot. It could be a computer was stolen or it could be that an employee stole data from from the desktop computer. Have I mentioned how I wish HHS would change their reporting form to make this clearer in the breach tool?

Category: Health Data

Post navigation

← VA: Fairfax Schools leak: Personal student info will be removed
Verizon FIOS allegedly hacked; 300,000 records dumped; more than 3 million acquired? NO! (updated to include Verizon statements) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.