DataBreaches.Net


Oh, so that's what happened?

Posted on September 19, 2014 by Dissent

One of the (all too many) frustrations with trying to learn from HHS’s public breach tool is that they do not let us know when they’ve updated an older entry or closed an investigation.

In December of 2012, I had reported three additions to the breach tool for which I could find no information online. The first was

"Surgical Associates of Utica, PC",NY,"Quanterion Solutions, Inc.",1017,9/18/2012,Theft,Network Server,11/16/2012,,

but could find no information anywhere.

Today, I happened to stumble across the fact that HHS had closed its investigation of the breach, and had added a summary of the breach and investigation back in June:

An unencrypted thumb drive that contained the electronic protected health information (ePHI) of 1,017 individuals was stolen by an employee of the covered entity’s (CE) business associate (BA), Quanterion Solutions, Inc. The ePHI included names, addresses, dates of birth, driver’s license numbers, social security numbers, claims information, clinical information, diagnosis/conditions, lab results, treatment information, and medications. Upon discovery of the breach, the CE, Surgical Associates of Utica, PC, filed a police report and the employee was arrested. The CE provided breach notification to HHS, the media, and affected individuals and provided credit monitoring services for these individuals. As a result of OCR’s investigation, the CE executed a BA agreement.

HHS also closed its investigation of a second breach that had been entered as:

"First Step Counseling, Inc.",NJ,,638,5/1/2011-08/05/2011,Unauthorized Access/Disclosure,Paper,11/16/2012,,

Their summary for that breach was:

Two of the covered entity’s (CE) employees photocopied documents containing 638 patients’ protected health information (PHI) and disclosed the documents to their attorney. The PHI included names, insurance numbers, diagnoses, dates of birth, telephone numbers, and social security numbers. Upon discovery of the breach, the CE hired attorneys to seek immediate return of all photocopies that contained the PHI. The CE provided breach notification to the affected individuals, HHS and the media. As a result of OCR’s investigation, the CE transferred to an electronic billing system that is password protected and secured patient files with a lock. Further, the front desk has been positioned by a protective window and policies have been implemented to prevent patients from standing beside the reception desk. The CE also reviewed and revised its consent forms and retrained all staff.

As to the third breach I had noted in that 2012 post:

"CVS Caremark",RI,,955,8/13/2012,Theft,Paper,11/16/2012,,

Well, that one appears without any summary, but the November 2012 date of uploading to the site seems to have been changed to January 23, 2014.

Looking at HHS’s site, there are many breaches where summaries have been entered for older breaches, and I can see where there should be a lot of updating of research databases.


4 thoughts on “Oh, so that's what happened?”

  1. Anonymous says:
    September 22, 2014 at 6:56 am

    Since it is also published in XMP, it would be trivial to write a script to compare 2 versions and post the diff.

    1. Anonymous says:
      September 22, 2014 at 7:37 am

      ChangeDetection.com is of no help here. Do you know of any similar site that could? The fact that they don’t add incidents to the end of their list also makes spotting changes difficult, e.g., in some cases, they seem to just add a breach anywhere instead of after the last new entry.

      1. Anonymous says:
        September 22, 2014 at 10:09 am

        You can just download the XML file, wait a week and download it again, and then compare the 2 with WinMerge CLI (or diff if using Linux) – that can all be rolled up into a batch or bash script and then automatically run with scheduled programs or cron… you could even get fancy and have it send you an email or post to your Twitter

  2. Anonymous says:
    September 22, 2014 at 6:57 am

    er, XML that is 😀

Comments are closed.
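The snapshot comparison discussed in the comments, as an added example that is not code from the post or its commenters. It works on the comma-separated record layout quoted in the post rather than the XML export, and matches rows by key so that entries inserted anywhere in the list, later-added summaries, and changed posting dates are all reported; the column names, the choice of key, the "Example Clinic" row and the summary text are assumptions constructed for illustration.

```python
import csv
import io

# Column names are assumptions inferred from the records quoted in the post;
# the quoted rows carry no header.
COLUMNS = ["entity", "state", "business_associate", "individuals", "breach_date",
           "breach_type", "location", "date_posted", "summary", "extra"]
KEY = ("entity", "state", "breach_date")  # assumed to stay stable across updates


def load(text):
    """Parse a header-less CSV snapshot into {key tuple: record dict}."""
    records = {}
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # skip blank lines
        rec = dict(zip(COLUMNS, (cell.strip() for cell in row)))
        records[tuple(rec.get(k, "") for k in KEY)] = rec
    return records


def compare(old_text, new_text):
    """Return (added, removed, changed), independent of row order."""
    old, new = load(old_text), load(new_text)
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = {}
    for k in old.keys() & new.keys():
        diffs = {c: (old[k].get(c, ""), new[k].get(c, ""))
                 for c in COLUMNS if old[k].get(c, "") != new[k].get(c, "")}
        if diffs:
            changed[k] = diffs  # field -> (old value, new value)
    return added, removed, changed


# Earlier snapshot: the three records quoted in the post.
OLD = '''"Surgical Associates of Utica, PC",NY,"Quanterion Solutions, Inc.",1017,9/18/2012,Theft,Network Server,11/16/2012,,
"First Step Counseling, Inc.",NJ,,638,5/1/2011-08/05/2011,Unauthorized Access/Disclosure,Paper,11/16/2012,,
"CVS Caremark",RI,,955,8/13/2012,Theft,Paper,11/16/2012,,
'''
# Later snapshot (constructed): reordered, one new row in the middle,
# a summary added to one record and the posting date changed on another.
NEW = '''"CVS Caremark",RI,,955,8/13/2012,Theft,Paper,1/23/2014,,
"Example Clinic (constructed)",TX,,700,3/2/2014,Loss,Laptop,4/1/2014,,
"Surgical Associates of Utica, PC",NY,"Quanterion Solutions, Inc.",1017,9/18/2012,Theft,Network Server,11/16/2012,"Thumb drive stolen by BA employee (constructed)",
"First Step Counseling, Inc.",NJ,,638,5/1/2011-08/05/2011,Unauthorized Access/Disclosure,Paper,11/16/2012,,
'''

if __name__ == "__main__":
    print(compare(OLD, NEW))
```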
