DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Boston Health Care for the Homeless Program Investigates Breach That Occurred in March, 2018

Posted on August 31, 2018 by Dissent

Updated Sept. 5, 2018.

Let’s start with BHCHP’s substitute notice:

Boston, MA – In mid-March 2018, a lapse in security led to a possible breach of the Protected Health Information (PHI) of patients of Boston Health Care for the Homeless Program’s (BHCHP’s) clinic at St. Francis House (SFH) in Boston.

A shelter guest trespassed into the clinic on the night of March 13. The event was reported to law enforcement, who did not detain the intruder. BHCHP’s comprehensive investigation found no evidence that the intruder viewed or retained PHI.

Health information involved in the possible breach included handwritten staff notes, printed patient lists, referral forms, and insurance/benefits applications.

BHCHP is not aware of any misuse of patient information, but is notifying patients who may have been affected by the possible breach. Patients with questions about the possible breach may call BHCHP toll free at 888-328-7893. BHCHP recommends that patients who have accessed care or services at the SFH clinic monitor their credit reports and/or report any suspicious activity to local law enforcement. Individuals may request a free copy of their credit report by visiting annualcreditreport.com, or by calling 1-877-322-8228.

BHCHP conducted an internal investigation that included a comprehensive search of all parts of the SFH clinic to which the intruder would have had access and interviews with clinic and shelter staff. BHCHP then performed a detailed analysis of the evidence that the investigation surfaced. BHCHP also promptly ensured that the clinic door was secure and implemented extra safety measures, including an additional lock on internal doors within the clinic and secure storage of keys to internal doors, file cabinets, and storage cabinets. In addition, BHCHP updated its policies governing how staff use and store patient information.

For more information, please call the toll free number (1-888-328-7893) to speak with a BHCHP Compliance Officer or senior manager.

Sept. 5 update:

I spoke with legal counsel for BHCHP today, who explained that they decided to notify everyone of this incident in the proverbial “abundance of caution.” As I understand it, the door between the shelter and the clinic may have not been securely closed and a shelter resident wandered into the clinic, likely looking for a quiet place. There was never any indication that the individual was looking to take anything or to snoop in any records in the clinic. So… was this a reportable breach under HIPAA? I’m not a lawyer, but this really doesn’t seem like a breach to me as much as an accidental trespass with no harm, no foul. But I do understand the desire to err on the side of caution when it comes to reporting to regulators. The delay between the incident and the notification, I was told, was due to the need to go through everything so that everyone could be notified. Given that there were a lot of paper records, it was a time-consuming task.

No related posts.

Category: Breach IncidentsHealth DataOther

Post navigation

← More than 85% of China’s app users have had their data leaked: survey
Coweta County, Ga., Largely Restores Servers Following Ransomware Attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.