DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NY: Bellevue Hospital notifying 3,300 patients of breach

Posted on May 20, 2015 by Dissent

Jacobi Medical Center wasn’t the only hospital run by the Health & Hospitals Corporation that reported a breach on April 28.  Bellevue Hospital Center also reported one:

The incident in question occurred on January 15, 2015 and was discovered on February 27, 2015 when, in the course of HHC’s monitoring of outgoing emails, we identified an email attachment that a Bellevue employee improperly sent to her relative’s e-mail account at the relative’s place of employment.

Here’s their notice:

The New York City Health and Hospitals Corporation (HHC), which operates Bellevue Hospital Center began this week to notify about 3,300 Bellevue patients about the possible disclosure of some of their protected health information (PHI) when a Bellevue employee improperly sent a spreadsheet containing PHI to an unauthorized recipient.

The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization. A sample notification to the affected patients is attached. Notifications will also be posted on the HHC website and will be distributed to numerous New York area news outlets. The information in the spreadsheet included the names, medical record numbers, e-mail addresses, insurance carrier information, and limited sensitive health information of the affected patients.

Based on HHC’s investigation into the unauthorized disclosure, the spreadsheet has been deleted from all known unauthorized sources to which it was sent and there is no basis to believe that it was forwarded to any other site before deletion. There is no evidence to suggest that the spreadsheet was received or viewed by anyone other than the single unauthorized recipient, and there is no evidence to suggest that the PHI contained in the spreadsheet was misused or further disclosed in any manner.

Nonetheless, in an abundance of caution, HHC has taken decisive steps to protect the individuals who are potentially affected by offering, through a third-party vendor, free credit monitoring services for one year to those patients whose medical records may have been improperly disclosed. Affected patients who have questions about this incident, including how to sign up for free credit monitoring services, may contact Bellevue Privacy Officer Christopher Roberson at (212) 562-4316.

HHC has taken immediate measures to prevent the recurrence of an incident of this nature by automatically blocking of email communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network unless for a legitimate business purpose.

Related posts:

  • NY: Jacobi Medical Center notifies 90,060 patients after employee emailed PHI to her personal account and new email address at another employer
  • NY: Metropolitan Hospital Center notifies almost 4,000 patients of breach
  • HHC Press release on backup tapes stolen from GRM van
  • In the aftermath of Hurricane Sandy, a hospital reports a breach
Category: ExposureHealth DataInsiderU.S.

Post navigation

← Cn: Hacker jailed for linking school website to pornography pages
CareFirst BlueCross BlueShield discloses that hack in June 2014 affected 1.1 million members →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.