DataBreaches.Net

Stolen billing vendor’s laptop held patient info from 8 medical facilities

Posted on May 3, 2016 by Dissent

EqualizeRCM Services is a vendor providing billing and collection services to healthcare providers. In compliance with HIPAA, it has Business Associate contracts with its clients, who provide it with the information needed to fulfill its functions. The firm has headquarters in Austin, Texas, and offices in Houston and Washington, D.C.

On February 29, EqualizeRCM learned that a laptop had been stolen from an employee on February 25 or 26. A notification letter to the New Hampshire Attorney General’s Office, signed by Janine Anthony Bowen of LeClairRyan, does not indicate whether the laptop was stolen from the employee’s home, a car, or some other location.

An investigation revealed that some patients seen at the following providers had information on the stolen laptop:

  • Northstar Healthcare Surgery Center (Scottsdale, Houston, Dallas)
  • Microsurgery Institute (Houston, Dallas)
  • Hermann Drive Surgical Hospital
  • Victory Medical Center Houston
  • Central Dallas Surgery Center
  • Southwest Freeway Surgery Center
  • Kirby Surgical Center
  • Plano Surgical Hospital

In a statement posted on their web site on April 28, EqualizeRCM explained that

the information potentially exposed may have included patient name, address, phone number, date of birth, gender, insurance provider and policy number, health care provider information, billing and diagnosis codes, medical record number, internal reference number, date and type of service, the name of the treating facility, and other administrative information.

Financial account information and Social Security numbers were not impacted, and as of April 28, neither EqualizeRCM nor its clients were aware of any misuse of the information. As a precaution, however, EqualizeRCM is offering affected patients services through AllClear ID.

Some of the affected entities appear to have posted copies of EqualizeRCM’s notice on their web sites to alert their patients to the incident.

In addition to offering remediation services, EqualizeRCM is also reviewing its policies and procedures, implementing additional safeguards to ensure information in its control is appropriately protected, and “retraining employees on existing policies for the proper handling of sensitive information.”

The total number of patients notified was not disclosed, and this incident does not yet appear on HHS’s public breach tool.

Updated May 10: Northstar reported this to HHS on April 28 as affecting 19,898 patients. We still don’t know the other entities’ numbers or the total.

Category: Business Sector, Health Data, Subcontractor, Theft, U.S.
