DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University Urology in Knoxville notifies patients because employee gave their contact info to competitor (updated)

Posted on April 12, 2014 by Dissent

University Urology, P.C. in Knoxville, Tennessee posted this notice on their website yesterday:

Knoxville, Tennessee – April 11, 2014. University Urology, P.C. has announced today that patient information containing patient names and addresses was provided to an outside provider not associated with University Urology, P.C. Further investigation revealed that in 2013 and early 2014, an administrative employee of University Urology compiled names and addresses of patients and provided patient names and addresses to a competing health care provider for the purpose of the competitor soliciting patient business. The information that was provided to the competitor did not include any social security numbers, financial account information, clinical information or other information that is commonly used for identity theft, but rather the information included protected information consisting of names and addresses of 1144 patients.

“We understand that any breach of protected health information is a concern for our patients. We sincerely regret this situation occurred,” said Peggy Kares, HIPAA Security Officer at University Urology, P.C.

The information consisting of patient names and addresses is considered protected health information and is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Following its investigation, University Urology, P.C. responded by interviewing the administrative assistant involved in the breach, terminating any access of the administrative employee to University Urology, P.C. patient protected health information, terminating the administrative assistant, changing network passwords, and securing an agreement with the outside provider not associated with University Urology, P.C. to destroy all names, addresses, and patient information of any kind relating to patients of University Urology, P.C. Current employees were also retrained regarding patient privacy.

This breach was discovered following an investigation that was initiated after University Urology, P.C. began receiving telephone calls on February 13, 2014, from concerned patients stating that they received solicitation letters from a competing provider.

University Urology, P.C. is notifying by mail the patients impacted by this breach. While it appears that the information subject to the breach was to be used for patient solicitation and there is absolutely no indication that the information may be used for purposes of identity theft, patients may choose to monitor their credit card, bank, or other financial statements for signs of fraud and identity theft.

Patients who have questions can visit www.urologypc.net or contact University Urology, P.C. HIPAA Security Officer, Peggy Kares at 865-305-5329, toll free at 800-776-7623 or by U.S. Mail at 1928 Alcoa Highway, Suite B-222, Knoxville, Tennessee 37920.

h/t, News Sentinel

Update: According to their report to HHS, the incident began on March 7, 2013.

No related posts.

Category: Uncategorized

Post navigation

← OR: Employment applications found in Little Caesars Pizza dumpster in Salem
TN: Higher ed systems seek ID theft source →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.