DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Ho ho how many? Breaches newly disclosed by HHS

Posted on December 24, 2014 by Dissent

Today’s update to HHS’s public breach tool sheds light on some previously reported breaches and over half a dozen new ones:

The armed robbery of a Brigham and Women’s Hospital physician impacted 999 patients.

Newly Revealed:

North Big Horn Hospital in Wyoming reported that 1,607 patients were affected by a breach on October 2nd involving the loss of paper records. So far, I haven’t found any statement on their site or in news media.

The Hearing Zone in Utah reported that 623 patients had PHI on a laptop that was stolen on October 8th. So far, I haven’t found any additional information on this breach.

The Florida Department of Health reported that 2,477 patients were affected by a breach on August 16th involving email. So far, I haven’t found any additional information on this breach.

ReachOut Home Care in Kentucky reported that 4,500 patients had PHI on a laptop that was stolen on October 9th. Their statement from their web site:

ReachOut Home Care customers in Texas notified of security breach

Unencrypted computer stolen from office facility contained patient names and Medicare identification numbers

Richardson, TX – Dec. 9, 2014 – In October, at the offices of ReachOut Home Care in Richardson an unencrypted laptop computer was stolen. The computer contained the names, claims data and, in some cases, Medicare identification numbers of approximately 5,000 ReachOut Home Care customers who live in the Dallas/Fort Worth area.

At this time, ReachOut Home Care has no reason to believe the information has been used inappropriately. ReachOut Home Care is in the process of notifying all of its customers whose information was on the computer and will provide individuals whose Medicare identification number was included free access to a credit-monitoring service that can help them protect against potential misuse of their information. We are strongly encouraging these ReachOut Home Care customers to enroll for the free service.

While ReachOut Home Care has policies and procedures in place to maintain the security of its members’ information, we are taking additional steps as a result of this incident. These steps include a comprehensive review of our technical security procedures with ReachOut Home Care and an inventory and review of all ReachOut Home Care equipment that maintains protected health information to ensure that all equipment has been encrypted.

ReachOut Home Care customers who have any questions about this may contact ReachOut Home Care by phone at 1-800-240-3294, from 9 a.m. to 5 p.m. Central Time, Monday through Friday. Any ReachOut Home Care customer who believes their information is being used by another party is urged to contact ReachOut Home Care so that we can work with the ReachOut Home Care customer and law enforcement officials to promptly investigate the matter.

District Medical Group in Arizona reported that 616 patients had PHI involved in a breach that occurred on March 1, 2014. A statement on their web site explains:

[…]

On October 24, 2014, we became aware that patient information was made potentially accessible on the Internet. We immediately began an investigation and learned that an employee used a thumb drive while working at home that contained patient billing information. While working from home, the employee connected the thumb drive to the home network, and a security vulnerability made the contents of the thumb drive accessible from the Internet. While connected, the documents and information on the drive could be located through a search engine, such as Google.  The thumb drive included patients’ names, dates of service, names of department where the patients were treated, refund amounts, and in some instances social security numbers. Credit card and banking information were not included on the thumb drive.

After we found out about this incident, we promptly took steps to remove the information from the Internet, including working to ensure the documents are no longer available through a search engine.

While we have no reason to believe that patient information has been used in any way, out of an abundance of caution, we began sending letters to affected patients on December 12, 2014, and have established a dedicated call center to answer any questions they may have.  If you believe you are affected but do not receive a letter by January 5, please call 1-888-266-9280, Monday through Friday from 7:00 AM to 7:00 PM Mountain Time.

We deeply regret any inconvenience it may cause our patients.  To help prevent something like this from happening in the future, we have taken a number of actions, including providing education to the involved employee and re-educating all employees regarding the protection of sensitive information.  In addition DMG is reviewing and updating pertinent policies and procedures regarding data privacy and security.

St. Mary Mercy Hospital in Michigan reported that 1,488 patients had PHI involved in a breach involving email that occurred on December 4. I could find no details on their site, however or any media reports.

Walgreen Co. reported that 160,000 patients had PHI involved in an August 1st – November 6th breach involving paper records.  I was unable to find any coverage of this, but this could be big, as Walgreen has had problems before with paper records, and was even fined in the past. This is the fifth breach involving Walgreens to show up on HHS’s public breach tool since its inception in September 2009.

Related posts:

  • Unencrypted laptops still a major cause of breach reports to HHS
Category: Uncategorized

Post navigation

← FBI warned Year Ago of impending Malware Attacks—But Didn’t Share Info with Sony
Anonymous no more: Gravedigger finally will get his due at psychiatric hospital →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.