DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Stolen billing vendor’s laptop held patient info from 8 medical facilities

Posted on May 3, 2016 by Dissent

EqualizeRCM Services  is a vendor providing billing and collection services to healthcare providers.  In compliance with HIPAA, it has Business Associate contracts with its clients, who provide it with the information needed to fulfill its functions. The firm has headquarters in Austin, Texas, and offices in Houston and Washington, D.C.

On February 29, EqualizeRCM learned that a laptop had been stolen from an employee on February 25 or 26. A notification letter, signed by Janine Anthony Bowen of LeClairRyan to the New Hampshire Attorney General’s Office, does not indicate whether the laptop was stolen from the employee’s home, a car, or some other location.

An investigation revealed that some patients seen at the following providers had information on the stolen laptop:

  • Northstar Healthcare Surgery Center (Scottsdale, Houston, Dallas)
  • Microsurgery Institute (Houston, Dallas)
  • Hermann Drive Surgical Hospital
  • Victory Medical Center Houston
  • Central Dallas Surgery Center
  • Southwest Freeway Surgery Center
  • Kirby Surgical Center
  • Plano Surgical Hospital

In a statement posted on their web site on April 28, EqualizeRCM explained that

the information potentially exposed may have included patient name, address, phone number, date of birth, gender, insurance provider and policy number, health care provider information, billing and diagnosis codes, medical record number, internal reference number, date and type of service, the name of the treating facility, and other administrative information.

Financial account information and Social Security numbers were not impacted, and as of April 28, neither EqualizeRCM nor its clients were aware of any misuse of the information. As a precaution, however, EqualizeRCM is offering affected patients services through AllClear ID.

Some of the affected entities appear to have posted copies of EqualizeRCM’s notice on their web sites to alert their patients to the incident.

In addition to offering remediation services, EqualizeRCM is also reviewing its policies and procedures, implementing additional safeguards to ensure information in its control is appropriately protected, and “retraining employees on existing policies for the proper handling of sensitive information.”

The total number of patients notified was not disclosed, and this incident does not yet appear on HHS’s public breach tool.

Updated May 10: Northstar reported this to HHS on April 28 as affecting 19,898 patients. We still don’t know the other entities’ numbers or the total.

Category: Business SectorHealth DataSubcontractorTheftU.S.

Post navigation

← Was an Alpha Payroll Services employee cruelly fired?
ADP joins ranks of vendors associated with W-2 data compromise →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.