DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Memorial Hospital of Lafayette County breach notice

Posted on October 15, 2013 by Dissent

On October 4, Memorial Hospital of Lafayette County in Wisconsin posted this notice on their site:

On August 6, 2013 Memorial Hospital of Lafayette County discovered a potential breach of unsecured patient health information involving financial statements that were inadvertently sent to some third parties.  While most of the approximately 8,000 notices mailed were sent to the patients themselves or their authorized representatives, in some cases they may have been mailed to third parties who were not authorized to receive the information.  Accordingly, in an abundance of caution, Memorial Hospital of Lafayette County is treating this incident as a breach and has provided appropriate notice to patients.  There is a small number of patients for whom the hospital does not have current contact information.  For those patients, this notice will constitute notification of the breach.

Memorial Hospital of Lafayette County contracts with an outside vendor to generate billing statements for our patients.  Due to an erroneous setting in the vendor’s system, the system generated a number of “zero balance” or “aged account balance” statements relating to care provided at the hospital since 2001.  These statements were sent to the individual responsible for paying the bill, at that individual’s last known address.  Sometimes the person receiving the statement was the patient, and sometimes it was not.  Some of the statements unfortunately relate to individuals who no longer reside at the mailing address or who are deceased.

The statements did not contain sensitive or detailed information.  In fact, the only information relating to treatment at the hospital is the patient’s name and account number, date(s) of service, and the charges associated with each date of service.  The statements also included the name, address and identification number for the guarantor on the account.  Other personal information, such as social security number, date of birth, and specific health conditions, were not included in the disclosure.

Upon discovering the incident, Memorial Hospital of Lafayette County took immediate action and began investigating.   The outside vendor has already corrected the erroneous setting that caused the inadvertent mailing of statements.  Going forward, hospital patients, representatives and guarantors will receive an account statement only if there is a balance owed, or if the account was paid to zero since the last statement.

The hospital also immediately published a prior notice in the local newspaper and in the hospital’s newsletter, informing the public that information was sent in error, and requesting that the documents not be opened.  Anyone in possession of such a mailing is requested to contact the hospital so that we can arrange to have it retrieved and ensure appropriate disposal.

If you believe your information may have been disclosed, but did not receive written notice from Memorial Hospital of Lafayette County, please call this toll free number 1-877-615-3759.

Memorial Hospital of Lafayette County places an extremely high priority on privacy and security of health information and regrets that this incident occurred.

Category: Health Data

Post navigation

← Temp employee at health benefits administrator examined and stole employees' personal and medical info – FBI
Man charged in TSYS identity theft violated computer policy at Paragon Benefits →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.