DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Physician took work home, and there it stayed after his employment terminated (UPDATED)

Posted on July 11, 2016 by Dissent

Here’s a breach that was actually disclosed in June, but first was posted to HHS in July. Kudos to HIPAAJournal who found their statement on their website when my old eyes missed the small print.  You can read HIPAAJournal’s coverage here.

The following is from Midland Memorial Hospital’s statement concerning a breach that impacted 1,468 patients:

MIDLAND, TX – June 7, 2016 – Today, Midland Memorial Hospital announced that it is currently investigating a security incident involving certain patients’ personal information. The hospital is providing notice to individuals who may have been affected by the incident and offering free credit monitoring and identity protection services to those patients whose Social Security numbers were included in the records. The hospital regrets any inconvenience or concern this incident may cause.

On April 8, 2016, hospital representatives discovered that Mario M. Gross, M.D., a physician who previously had privileges at the hospital and was formerly employed by Premier Physicians, left patient information at a private residence, causing the information to be accessible to certain members of the public for a limited period of time. Upon learning of the situation, hospital representatives promptly secured the patient records and initiated an internal investigation to determine the specific patients who were affected and the personal information that was contained in those records.

Based on this review, the hospital believes that the patient records may have contained patients’ first and last names, home addresses and certain health information, including dates of birth, Account Numbers/Medical Record Unit Numbers (MRUN), diagnoses, medications, procedures and physicians’ notes. The records may have also contained some patients’ Social Security numbers as well as Medicare and/or Medicaid numbers. Currently, the hospital has no evidence that any of the information has been used inappropriately.

Midland Memorial Hospital recognizes the importance of protecting personal information and is committed to taking steps to prevent this type of incident from occurring again in the future. The hospital has or will be reviewing or modifying its policies and procedures to prevent future incidents, educating its medical staff about the incident and tasking them with reviewing and updating their own controls over patient records, and reminding its workforce about the rules and procedures for protecting patient records.

Midland Memorial Hospital is proactively reaching out to impacted patients to provide guidance on how they can protect themselves. More information for impacted patients is available on the hospital’s website: www.midland-memorial.com/securityupdate. Impacted patients with questions should call 1-844-305-8390, 7 a.m. – 4 p.m. CST, Monday-Friday.

[…]

FAQs

What happened?

On April 8, 2016, hospital representatives discovered that Mario M. Gross, M.D., a physician who formerly had privileges at the hospital and was formerly employed by Premier Physicians, left patient information in his private residence, causing the information to be accessible to certain members of the public for a limited period of time. Upon learning of the situation, we promptly secured the patient records and initiated an internal investigation to determine the specific patients who were affected and the personal information that was contained in those records. Currently, we have no evidence that any of the information has been used inappropriately.

Who is impacted?

The records contained information relating to certain patients, and the hospital sent notification letters in the mail to impacted patients on June 7, 2016.

What information may have been compromised?

The hospital believes that the patient records may have contained patients’ first and last names, home addresses and certain health information, including dates of birth, Account Numbers/Medical Record Unit Numbers (MRUN), diagnoses, medications, procedures and physicians’ notes. The records may have also contained some patients’ Social Security numbers as well as Medicare and/or Medicaid numbers.

What have you done to address this incident?

Upon learning of the situation, hospital representatives promptly secured the patient records and initiated an internal investigation to determine the specific patients who were affected and the personal information that was contained in those records.  Moving forward, we are committed to taking steps to prevent this type of incident from occurring again in the future. We have or will be reviewing or modifying our policies and procedures to prevent future incidents, educating our medical staff about the incident and tasking them with reviewing and updating their own controls over patient records and reminding our workforce about the rules and procedures for protecting patient records.

What are you going to do to help patients who are impacted?

We are proactively reaching out to impacted patients to provide guidance on how they can protect themselves. The hospital is offering free credit monitoring and identity protection services to those patients whose Social Security numbers were included in the records. Safeguarding personal information is a top priority at Midland Memorial Hospital, and we sincerely regret any inconvenience or concern this incident may cause our patients.

UPDATE: Dr. Gross was also affiliated with Midland Women’s Clinic, who issued their own statement and also reported the incident to HHS. Their report to HHS, added to HHS’s breach tool in July although it was submitted in June, indicated that 717 patients were impacted:

 

No related posts.

Category: ExposureHealth DataSubcontractorU.S.

Post navigation

← AU: Breach sees abusive dad given address to his kids
Not our data, not our server – Amazon Kindle denies hacker’s claims →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.