DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Logs audit reveals The Peds in Las Vegas suffered insider-wrongdoing breach in 2014

Posted on February 1, 2018 by Dissent

There is so much wrong with this one that although I give them great credit for admitting they had a breach four years ago that they first discovered,  I find their notification quite concerning.

From The Pediatric Endocrinology and Diabetes Specialists, 5235 South Durango #103, Las Vegas, NV  89113:

On 11 January 2018, during an audit of our computer logs, we came across evidence that there was a breach of patient health information in our system.

The breach occurred on numerous days between 27 January 2014 until 7 February 2014.  Information that appears to have been taken includes full name, date of birth, address, phone number along with email address, insurance payor, medical record number, diagnosis codes and clinical notes.

We feel that you do not need to take any proactive steps to limit any harm.  The breach was 4 years ago, and we suspect it was to take patient data for recruitment to another medical facility in Las Vegas.

We are continuing to investigate what has been done.  We do know who the suspects are, and we have reported the breach to the office of civil rights for investigation and for any criminal investigation should it be needed.

We have setup a toll free number that will be active until April 18,2018.  If you have any questions you can call 1-866-369-6619 and leave a voicemail and we will get back to you.

We apologize for this.  We take protecting your privacy very seriously.  We are fully up to date on all HIPPA (sic) certifications and standards.  Our staff is retrained annually on such standards.  With Twistle we are on the cutting edge of HIPPA (sic) standards.   This was a result of internal theft from a staff member – not an outside hacker selling your health data on the internet.

Thank you for your understanding.

Source.

So, okay, I don’t know that I agree with them that nothing needs to be done. If someone wandered off with your personal information and some insurance and medical information, then regardless of what The Peds suspects that former employee intended to do with it four years ago, where are those data now? Are they on a flash drive that is not encrypted? Are they on a CD sitting around gathering dust somewhere? Are they on another entity’s hard drive, waiting to be hacked by someone else?

Who has access to those data right now or could have access to it? 

And what has The Peds done to prevent an insider breach of this type happening again in the future?  Are they somehow trying to suggest that using Twistle is relevant to preventing this type of wrongdoing again?

 

Category: Commentaries and AnalysesHealth DataU.S.

Post navigation

← Records of pain device patients on stolen Nevro laptops
 Eastern Maine Medical Center notifying 660 cardiac ablation patients after vendor’s hard drive discovered missing or stolen →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)
  • Private Industry Notification: Silent Ransom Group Targeting Law Firms
  • Data Breach Lawsuits Against Chord Specialty Dental Partners Consolidated
  • PA: York County alerts residents of potential data breach
  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.