DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update to HHS's breach list (update 1)

Posted on December 16, 2013 by Dissent

HHS added 16 breach reports to its public breach tool today, bringing the counter of breaches each affecting 500 or more individuals to 736 since HITECH went into effect September 23, 2009.

As I’ve done in the past, I’ll begin by noting which of the additions we already knew about, annotated if there’s anything new or significant about the report to HHS:

  1. The Rotech Healthcare Inc breach, reported here affected 10,680 employees and dependents.
  2. The Genesis Rehabilitation Services breach, reported here, affected 1,167 individuals.
  3. The United Dynacare, (dba Dynacare Laboratories) breach, reported here, here and here, affected a total of 9,328. I could be wrong, but it looks like Dynacare must have reported the breach to HHS itself, as there’s no mention of Froedtert in the log entry, even though the city of Milwaukee had contracted with Froedtert Community Health/Workforce Health, who, in turn, had contracted with Dynacare.
  4. The Scottsdale Dermatology breach, reported here, resulted in notification of 1,456 patients after an employee of their business associate, All Source Medical Management, stole patient information. Scottsdale Dermatology reported that the data theft occurred between January 1, 2013 and October 4, 2013.
  5. The Redwood Memorial Hospital breach, reported here.
  6. The DaVita breach, reported here, was reported to HHS as affecting 1,500 dialysis patients, even though DaVita’s public notice indicated 11,500 patients had PHI on the laptop..  I’m not sure why the numbers are so discrepant and have e-mailed DaVita to inquire.  If I get a response, I’ll update this. [Update 1: that was a typo on HHS’s breach tool; the correct number is 11,500, as DaVita initially reported. Thanks to DaVita for their prompt reply.]
  7. The LANAP & Implant Center breach reported here and here was reported by David DiGiallorenzo, D.M.D.  as occurring on September 17, 2012. That seems incorrect as the torrent was uploaded to a PirateBay site on February 18, 2010. Perhaps Dr. DiGiallorenzo confused date of discovery with date of breach? I’d ask them, but their lawyer has already said they’d have no further comment on the breach.  Surprisingly, Dr DiGiallorenzo seems to have reported that (only) 2,600 patients were affected by the breach. Inspection of the torrent reveals that over 11,000 individuals had PII and/or PHI in the database exposed online, so I’m really not sure how they got that number to report.  The incident was reported as “Unauthorized Access/Disclosure,Hacking Incident”,”Network Server, Electronic Medical Record,” and hopefully, HHS will confirm whether this really was a hack by a third party.

I’m in the process of researching the other nine breaches added to HHS’s breach tool and will post something about them in separate posts.

Category: Health Data

Post navigation

← 18,800 Colorado State Workers Wrapped Up In Data Breach
Texas orthopedic group notifies patients after desktop computers were stolen in burglary →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.