DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WI: Milwaukee to file complaint against Dynacare after security breach

Posted on November 21, 2013 by Dissent

Hell hath no fury like a city breached? The City of Milwaukee issued this statement today following the theft of a flash drive from a car owned by an employee of Dynacare. The flash drive contained what seems to be unencrypted information on city employees enrolled in a wellness program and their dependents:

Statement of Milwaukee City Attorney Grant Langley

November 21, 2013

After consultation with members of the Common Council and the Mayor, the Office of the City Attorney has decided to file a formal complaint with the federal Office of Civil Rights against Dynacare Laboratories for its admitted breach of HIPAA security requirements regarding the private information of more than 9,000 City of Milwaukee employees, their spouses and their domestic partners.

I will be taking this action on behalf of the city and its employees based on Dynacare’s recent filing of a notice of breach of unsecured protected health information, its apparent unwillingness to communicate or cooperate with city representatives or to release details of its investigation, its failure to provide information to the city in order to protect our employees and the misleading comments Dynacare provided to the media.

It is important to note that the city’s contract for its wellness program is with Froedtert Community Health/Workforce Health. That is the entity to which the city provided employee information in a secured and password-protected manner, not Dynacare. The city continues to investigate the matter, and at this time has not ruled out further litigation.

Of course, some of this “we’re filing a formal complaint” bit is a bit absurd since Dynacare has already self-reported the breach to HHS. Maybe the city doesn’t trust Dynacare’s report to be accurate and wants to ensure that HHS fully understands how upset the city is at Dynacare’s lack of prompt notification and greater disclosure?

Curiously, the city did not say it would file a complaint against Froedtert Community Health/Workforce Health. Because the city had provided the data to them in secure format, you’d think they would complain that Froedtert failed to ensure that the party they passed it on to maintained it in secure format.  According to the Journal Sentinel,  Froedtert Health Inc. has an ownership interest in Dynacare, but  the management of Dynacare is contracted to a subsidiary of Laboratory Corporation of America Holdings. Froedtert Community Health/Workforce Health is  affiliated with Froedtert Health. So now everyone can pull out the contracts and HIPAA regulations to see how many of these entities have responsibility for, or liability for, the breach.

Don Walker of the Journal Sentinel provides some additional details that suggest this case is about to get even messier:

 The [stolen employee] car contained a flash drive with the personal information of 9,414 city employees, their spouses or domestic partners.

The personal information included the names, addresses, dates of birth, Social Security numbers and gender of an estimated 6,000 city employees. The flash drive also had the names of more than 3,000 spouses and domestic partners of those workers, although their Social Security numbers were not included, the company said.

However, a domestic partner of a city employee provided the Journal Sentinel with a copy of a letter Dynacare sent to him, informing him that his Social Security number was on the missing flash drive. There is also evidence that people who opted out of the wellness program had their Social Security numbers and other information on the flash drive, Barrett said.

If they opted out, why were their details on the drive? While you can be understandably outraged at Dynacare for the sloppy security practices by its employee, the city itself needs to explain why information on those who opted out were shared with Froedtert Community Health in the first place.WI: Milwaukee to file complaint against Dynacare after security breach

Related posts:

  • WI: Milwaukee to file complaint against Dynacare after security breach
  • Froedtert's alleged lack of cooperation in breach investigation has Milwaukee considering litigation
  • Update: City of Milwaukee employees file complaint over data breach
  • WI: Flash drive with personal information of thousands of City of Milwaukee employees stolen from contractor’s car
Category: Uncategorized

Post navigation

← WI: Milwaukee to file complaint against Dynacare after security breach
Medical marijuana patients outed by Health Canada →

2 thoughts on “WI: Milwaukee to file complaint against Dynacare after security breach”

  1. Anonymous says:
    November 22, 2013 at 9:28 am

    I recently reported to ACL labs Aurora on 10/14/2013 that I believed an employee had got information from my accounts as I was getting harassing calls starting oct 12 2013 resulting in that individual receiving a harassment ticket. I was notified by letter on 11/15/2013 that not only did this individual take my personal identifiable information but also my 15 year old daughter’s including our full social security numbers.
    I had a phone conference on 11/20/2013 with my administrator and our Hipaa officer as witnesses with the call on speaker Kelly McCormick Corporate compliance Officer and Peg Schmidt Chief privacy officer. This individual accessed our information a total of 10 times 5 to myself and my daughter. She used 2 coworkers log in information that she got while being trained for her job. This access was from July 23rd 2013 through October 14th 2013. So apparently there is a huge problem with security and privacy in more than one lab in Milwaukee county.

    1. Anonymous says:
      November 22, 2013 at 9:57 am

      I have sent an inquiry to Advocate Health to ask for their response to the allegations above and will post them when I get a response.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mississippi Law Firm Sues Cyber Insurer Over Coverage for Scam
  • Ukrainian Hackers Wipe 47TB of Data from Top Russian Military Drone Supplier
  • Computer Whiz Gets Suspended Sentence over 2019 Revenue Agency Data Breach
  • Ministry of Defence data breach timeline
  • Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years
  • Ransomware in Italy, strike at the Diskstation gang: hacker group leader arrested in Milan
  • A year after cyber attack, Columbus could invest $23M in cybersecurity upgrades
  • Gravity Forms Breach Hits 1M WordPress Sites
  • Stormous claims to have protected health info on 600,000 patients of North Country Healthcare. The patient data appears fake. (2)
  • Back from the Brink: District Court Clears Air Regarding Individualized Damages Assessment in Data Breach Cases

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The EU’s Plan To Ban Private Messaging Could Have a Global Impact (Plus: What To Do About It)
  • A Balancing Act: Privacy Issues And Responding to A Federal Subpoena Investigating Transgender Care
  • Here’s What a Reproductive Police State Looks Like
  • Meta investors, Zuckerberg to square off at $8 billion trial over alleged privacy violations
  • Australian law is now clearer about clinicians’ discretion to tell our patients’ relatives about their genetic risk
  • The ICO’s AI and biometrics strategy
  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.