Another insider breach in a Florida healthcare facility where the covered entity only learned of the breach via notification by law enforcement.
Maria Mallory White reports:
A former Broward Health Medical Center employee took documents containing the personal information of nearly 1,000 patients in a data breach uncovered by local and federal officials, the Fort Lauderdale health system announced Friday.
Some 960 patients, treated between October and December 2012 at Broward Health’s main facility, 1600 S. Andrews Ave., will receive letters alerting them that their registration documents had been “inappropriately removed.”
Known as “face sheets,” the records contained basic information, including a patient’s name, address, date of birth, insurance policy numbers and reason for visit, according to an online “Patient Notice” published on the Broward Health website.
Read more on Sun Sentinel, while I try to figure out why their notice was so buried on their site that I wouldn’t have found it if the reporter had not provided a direct link to it. The path to the notice seems to be Home / Community / Patient Notice: Data Breach, but there’s no link from the home page to Community, so how would one find this notice from the home page?
Note that their notification online does not indicate whether any of the data were used for tax refund fraud or for other fraudulent purposes.
The medical center learned of the breach in June, and I’ll bet that some patients will want a more detailed explanation as to why they haven’t been notified before now.