DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Recent updates to HHS's public breach tool

Posted on October 23, 2014 by Dissent

There’s an update to the breach involving an office burglary at Dr. Vonica Chau ‘s office in Arlington, Texas: when the breach was added to HHS’s public breach tool, it was reported as affecting 810 patients.

The American Family Care breach was also added to HHA’s public breach tool this week. The entry shows the laptop theft occurred on July 18 and affected 2,588 patients.

Two other breaches (neither of which have been previously reported on this blog) were also added to the public breach tool this week. The first, involving Oklahoma City Indian Clinic, reportedly affected ,6000 patients. A notice linked from the clinic’s home page explains the e-mail attachment gaffe that resulted in the breach:

OKLAHOMA CITY – Oklahoma City Indian Clinic recently notified 6,044 patients that their names, email addresses and clinic-specific patient numbers were compromised after the following event: On July 28, 2014, an email was sent from the clinic to 360 patients advertising an upcoming adolescent health fair. A spreadsheet containing names, email addresses and clinic-specific patient numbers of 6,044 clinic patients was inadvertently attached to the email. The sender forwarded a message and failed to remove the attachment, which was used as a worksheet to determine the recipients of the email. The patient number is used for internal clinic purposes and is not the patient’s social security number. The clinic became aware of the incident, and a recall message was sent the same day. The clinic also sent an email to the recipients notifying them that the spreadsheet was not intended for them and requesting that they delete it. A notification letter was sent to all patients whose names were on the spreadsheet on Aug. 18. “Oklahoma City Indian Clinic understands the importance of safeguarding our patients’ personal information and regret that this incident occurred,” said Lysa Ross, COO of OKCIC. “We have notified our patients of the breach and are taking steps to prevent this from happening again. We encourage patients to call with any questions or concerns.” The type of information that was released would not create potential for identity theft. However, patients may receive unwanted emails and should monitor their email accounts. Patients may call toll free 1-844-MYOKCIC Monday – Friday between the hours of 8 a.m. and 5 p.m. with any questions.

The second new entry involves Compassionate Care Hospice of Central Louisiana, whose July 30th breach reportedly involved 707 patients.  A notice on the CCH’s web site explains:

HIPAA Breach Notification

On July 30, 2014, there was a break-in and theft at Compassionate Care Hospice of Central Louisiana’s office located at 5417 Jackson Street, Suite B, in Alexandria, LA. Compassionate Care Hospice immediately reported the incident to local police. On or about September 22, 2013 (sic), Compassionate Care Hospice mailed correspondence to each affected individual or next of kin notifying them of the incident. The letter contains instructions for you to follow in the event that you or your loved one has been affected by this incident.

The theft included some laptop computers that were secured by a password and an external hard drive. The laptops were remotely wiped by our IT team on or about July 31, 2014. The information of the laptops included either the patient’s first and last name only or the patient’s first and last name, patient number, age, admission date, discharge date (if applicable), length of stay, location (i.e., home, hospital or skilled nursing facility) medication class (if applicable), and disposition (i.e., revocation, transfer, etc.).

If you do not receive our letter, please contact our program office at (318) 487-9400 or our toll free compliance hotline at (800) 234-8147. For more information, please click here.

No related posts.

Category: Uncategorized

Post navigation

← ME: Island Nursing Home successfully sued by former employee
BreyerHorse.com site compromised for 18 months →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)
  • SEC and SolarWinds Seek Settlement in Securities Fraud Case

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.