DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Tri-State Surgical Associates notifies patients of a disclosure breach

Posted on September 23, 2013 by Dissent

Tri-State Surgical Associates in Elkton, Maryland recently notified patients of a disclosure breach involving their PHI.

According to a letter sent by Drs. Lowe and Vaidy, when a physician left their practice in May, he reportedly asked a staff employee for patient contact information so that he could notify patients of his new practice location. The staff member, without consulting with anyone as to the appropriateness of the request, complied and gave the physician a printout with patient contact information. TSSA discovered the breach on July 18 and notified patients.

Their notification letter, a template of which was submitted to the state, informed 433 Maryland patients that the physician may have acquired 15 types of information about them, including their Social Security number, date of birth, and insurance information, depending on what information the practice maintained about them.  Patients were advised to place fraud alerts on their credit reports and to take other steps to protect their credit.

To their credit, TSSA took a number of steps after they became aware of the disclosure, including, but not limited to (1) notifying the physician that acquisition and use of the information violated HIPAA and requesting return of the data and destruction of any copies,  and (2) suspending employees’ ability to generate patient lists from their computer system.

 

 

Category: Health Data

Post navigation

← Missing Allscripts backup drive held Mercy Health Systems patient information
One year after data theft, Primedia (RentPath) employees and applicants notified of breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters
  • Dutch police identify users on Cracked.io
  • Help, please: Seeking copies of the PowerSchool ransom email(s)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale
  • The Meta AI app is a privacy disaster – TechCrunch
  • Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
  • Norwegian Data Protection Authority’s findings on tracking pixels: 6 cases
  • Multiple States Enact Genetic Privacy Legislation in a Busy Start to 2025
  • Rules Proposed Under New Jersey Data Privacy Act
  • Using facial recognition? Three recent articles of interest.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report