DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Memorial Hospital of Lafayette County breach notice

Posted on October 15, 2013 by Dissent

On October 4, Memorial Hospital of Lafayette County in Wisconsin posted this notice on their site:

On August 6, 2013 Memorial Hospital of Lafayette County discovered a potential breach of unsecured patient health information involving financial statements that were inadvertently sent to some third parties.  While most of the approximately 8,000 notices mailed were sent to the patients themselves or their authorized representatives, in some cases they may have been mailed to third parties who were not authorized to receive the information.  Accordingly, in an abundance of caution, Memorial Hospital of Lafayette County is treating this incident as a breach and has provided appropriate notice to patients.  There is a small number of patients for whom the hospital does not have current contact information.  For those patients, this notice will constitute notification of the breach.

Memorial Hospital of Lafayette County contracts with an outside vendor to generate billing statements for our patients.  Due to an erroneous setting in the vendor’s system, the system generated a number of “zero balance” or “aged account balance” statements relating to care provided at the hospital since 2001.  These statements were sent to the individual responsible for paying the bill, at that individual’s last known address.  Sometimes the person receiving the statement was the patient, and sometimes it was not.  Some of the statements unfortunately relate to individuals who no longer reside at the mailing address or who are deceased.

The statements did not contain sensitive or detailed information.  In fact, the only information relating to treatment at the hospital is the patient’s name and account number, date(s) of service, and the charges associated with each date of service.  The statements also included the name, address and identification number for the guarantor on the account.  Other personal information, such as social security number, date of birth, and specific health conditions, were not included in the disclosure.

Upon discovering the incident, Memorial Hospital of Lafayette County took immediate action and began investigating.   The outside vendor has already corrected the erroneous setting that caused the inadvertent mailing of statements.  Going forward, hospital patients, representatives and guarantors will receive an account statement only if there is a balance owed, or if the account was paid to zero since the last statement.

The hospital also immediately published a prior notice in the local newspaper and in the hospital’s newsletter, informing the public that information was sent in error, and requesting that the documents not be opened.  Anyone in possession of such a mailing is requested to contact the hospital so that we can arrange to have it retrieved and ensure appropriate disposal.

If you believe your information may have been disclosed, but did not receive written notice from Memorial Hospital of Lafayette County, please call this toll free number 1-877-615-3759.

Memorial Hospital of Lafayette County places an extremely high priority on privacy and security of health information and regrets that this incident occurred.

No related posts.

Category: Health Data

Post navigation

← Temp employee at health benefits administrator examined and stole employees' personal and medical info – FBI
Man charged in TSYS identity theft violated computer policy at Paragon Benefits →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.