DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update on IRS seizure of server with 60 million records of 10 million patients

Posted on January 11, 2014 by Dissent

Erin McCann has a follow-up to a concerning report I noted here in March that involves the IRS’s seizure of 60 million records containing PHI of 10 million people from an unnamed company. McCann reports that the company has since been identified as Three Rivers Provider Network.

As previously reported, the incident related to an IRS investigation of an employee. It turns out the employee is the company’s founder, Blaine Pollock, who was subsequently indicted.

McCann reports:

However, in July 2013, U.S. Attorney Laura E. Duffy and David D. Leshner asked the court for authorization to access the server provided a “filter” attorney view its contents to determine whether the data were within the scope of the warrant, which was ultimately granted.

Yet, according to Pollock’s attorney, Robert E. Barnes, these records were taken in violation of the warrant.

“The lawlessness of the government agents in this case” wrote Barnes in a July 22 opposition statement to the government’s request to view the computer server, “endangers the privacy of millions of Americans.” These Americans include, among others, California state judges, NBA and Screen Actors Guild employees, Barnes alleged.

Added Barnes, “A computer is conceptually indistinct from a filing cabinet; the right to seize financial records from the filing cabinet does not give the right to seize the entire filing cabinet, given that personal, privileged and confidential non-financial records will likely exist in the filing cabinet. Yet, that is precisely what the government did do, and seeks to do again, here.”

The U.S. government, however, argued on the contrary. “Only evidence on the (server) that is within the scope of the search warrant will be provided to the prosecution team,” wrote Duffy and Leshner in support of a motion to grant access to the computer.

Read more on HealthcareITNews.

So I still have some of my original questions, since there is no entry in HHS’s breach tool for Three Rivers Providers Network. Should this have been reported to HHS as a breach under HIPAA and HITECH? There’s no mention that the data or server were encrypted, although that might come out later. And should the IRS have seized this particular server under the terms of the warrant? The government seems to be successfully arguing “yes,” despite TRPN’s position that the server exceeded the warrant.

And how/where is this server with so much PHI being protected by the IRS?

This continues to be a very troubling situation, in my opinion, and I’m glad HealthcareITNews followed up.

Update: It seems that Modern Healthcare had published an update on this case prior to HITN’s report. Joe Carlson of Modern Healthcare provides links to some of the court documents and notes:

U.S. District Judge Michael M. Anello granted a government request to allow a third-party attorney to review the material and flag any information that might be relevant to Pollock’s tax case. For any information not deemed relevant, the IRS has promised to set it aside in a “sealed evidence bag” and allow the court to take custody of it.

Although Pollock initially appealed Anello’s order to a federal circuit court, that appeal was thrown out last month, allowing the review to proceed. The lawsuit against the IRS has since been put on hold pending the outcome of the criminal action against Pollock.

Read more on Modern Healthcare and my apologies for not finding their reporting sooner.

Category: Health Data

Post navigation

← Update: Former Virginia Beach General Hospital nurse's aide sentenced for using patients’ personal info to commit tax fraud
MIT breached on Aaron Swartz Passing Anniversary →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.