DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ho ho how many? Breaches newly disclosed by HHS

Posted on December 24, 2014 by Dissent

Today’s update to HHS’s public breach tool sheds light on some previously reported breaches and over half a dozen new ones:

The armed robbery of a Brigham and Women’s Hospital physician impacted 999 patients.

Newly Revealed:

North Big Horn Hospital in Wyoming reported that 1,607 patients were affected by a breach on October 2nd involving the loss of paper records. So far, I haven’t found any statement on their site or in news media.

The Hearing Zone in Utah reported that 623 patients had PHI on a laptop that was stolen on October 8th. So far, I haven’t found any additional information on this breach.

The Florida Department of Health reported that 2,477 patients were affected by a breach on August 16th involving email. So far, I haven’t found any additional information on this breach.

ReachOut Home Care in Kentucky reported that 4,500 patients had PHI on a laptop that was stolen on October 9th. Their statement from their web site:

ReachOut Home Care customers in Texas notified of security breach

Unencrypted computer stolen from office facility contained patient names and Medicare identification numbers

Richardson, TX – Dec. 9, 2014 – In October, at the offices of ReachOut Home Care in Richardson an unencrypted laptop computer was stolen. The computer contained the names, claims data and, in some cases, Medicare identification numbers of approximately 5,000 ReachOut Home Care customers who live in the Dallas/Fort Worth area.

At this time, ReachOut Home Care has no reason to believe the information has been used inappropriately. ReachOut Home Care is in the process of notifying all of its customers whose information was on the computer and will provide individuals whose Medicare identification number was included free access to a credit-monitoring service that can help them protect against potential misuse of their information. We are strongly encouraging these ReachOut Home Care customers to enroll for the free service.

While ReachOut Home Care has policies and procedures in place to maintain the security of its members’ information, we are taking additional steps as a result of this incident. These steps include a comprehensive review of our technical security procedures with ReachOut Home Care and an inventory and review of all ReachOut Home Care equipment that maintains protected health information to ensure that all equipment has been encrypted.

ReachOut Home Care customers who have any questions about this may contact ReachOut Home Care by phone at 1-800-240-3294, from 9 a.m. to 5 p.m. Central Time, Monday through Friday. Any ReachOut Home Care customer who believes their information is being used by another party is urged to contact ReachOut Home Care so that we can work with the ReachOut Home Care customer and law enforcement officials to promptly investigate the matter.

District Medical Group in Arizona reported that 616 patients had PHI involved in a breach that occurred on March 1, 2014. A statement on their web site explains:

[…]

On October 24, 2014, we became aware that patient information was made potentially accessible on the Internet. We immediately began an investigation and learned that an employee used a thumb drive while working at home that contained patient billing information. While working from home, the employee connected the thumb drive to the home network, and a security vulnerability made the contents of the thumb drive accessible from the Internet. While connected, the documents and information on the drive could be located through a search engine, such as Google.  The thumb drive included patients’ names, dates of service, names of department where the patients were treated, refund amounts, and in some instances social security numbers. Credit card and banking information were not included on the thumb drive.

After we found out about this incident, we promptly took steps to remove the information from the Internet, including working to ensure the documents are no longer available through a search engine.

While we have no reason to believe that patient information has been used in any way, out of an abundance of caution, we began sending letters to affected patients on December 12, 2014, and have established a dedicated call center to answer any questions they may have.  If you believe you are affected but do not receive a letter by January 5, please call 1-888-266-9280, Monday through Friday from 7:00 AM to 7:00 PM Mountain Time.

We deeply regret any inconvenience it may cause our patients.  To help prevent something like this from happening in the future, we have taken a number of actions, including providing education to the involved employee and re-educating all employees regarding the protection of sensitive information.  In addition DMG is reviewing and updating pertinent policies and procedures regarding data privacy and security.

St. Mary Mercy Hospital in Michigan reported that 1,488 patients had PHI involved in a breach involving email that occurred on December 4. I could find no details on their site, however or any media reports.

Walgreen Co. reported that 160,000 patients had PHI involved in an August 1st – November 6th breach involving paper records.  I was unable to find any coverage of this, but this could be big, as Walgreen has had problems before with paper records, and was even fined in the past. This is the fifth breach involving Walgreens to show up on HHS’s public breach tool since its inception in September 2009.

Category: Uncategorized

Post navigation

← FBI warned Year Ago of impending Malware Attacks—But Didn’t Share Info with Sony
Anonymous no more: Gravedigger finally will get his due at psychiatric hospital →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.