DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Iron Mountain employees suspected of stealing, selling old X-rays files for silver

Posted on August 16, 2014 by Dissent

Courtney Perkes reports:

Orthopaedic Specialty Institute Medical Group said that 742 boxes of X-rays of its patients went missing from an Iron Mountain Record Management storage facility in the Inland Empire. Police were called and the storage company concluded that two employees had melted down the X-rays to collect the silver.

The medical group said it’s unknown when the theft occurred but that the X-rays were 10 to 15 years old and may have contained patient names, birth dates and medical record numbers. The X-rays did not contain any financial information.

Read more on OCRegister.

A notice on the practice’s web site’s home page provides some additional details:

Orthopedic Specialty Institute Medical Group of Orange County in Orange, California wants to alert our patients that on June 17, 2014, we received notice from Iron Mountain Record Management—which is the company that serves as the custodian for many of our older medical records—that 742 boxes of X-ray jackets containing X-rays of our patients have turned up missing. After an internal investigation was conducted and a police report filed, Iron Mountain concluded that it was two employees who were likely responsible for taking X-rays, selling them to a recycler, which then melted them down to recover the silver they contain. The majority of the X-rays were ten years old, so any patients seen after that time are likely unaffected. The destroyed X-rays may have contained protected health information such as patients’ names, dates of birth, gender, treating physician, medical records numbers, as well as orthopedic imaging present on the X-ray. The stolen records included absolutely no financial information nor social security numbers.

[…]

There was no statement included from Iron Mountain. Although it appears that they discovered the theft through their internal checks, which is to their credit, what will they do going forward to prevent a similar problem in the future?

Update of 8-26-2014: This incident was added to HHS’s public breach tool with the CE’s report that it impacted 49,714 patients.

Category: Uncategorized

Post navigation

← MI: Employee at medical office provided patient info for fraudulent purposes
UT: Personal data at Weber State compromised in burglary →

1 thought on “Iron Mountain employees suspected of stealing, selling old X-rays files for silver”

  1. Anonymous says:
    August 16, 2014 at 8:42 pm

    Dissent,
    This is a very common problem in the Document Destruction and Storage industry. I own a shredding business and while attending a NAID convention I was approached by a recycling business owner who informed me I could be well paid for turning these old X-rays over to him for the silver. When I asked what shredded X-rays were worth he informed me they didn’t want shredded, they wanted to whole X-ray’s intact. I told him I was paid to shred the records and there was know way he was whole X-rays and walked away. I later saw him working the room with other shredding businesses and he even had a booth at the convention. Good on Iron Mountain for catching the thieft eventhough It’s still a hit to their reputation.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.