DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Boston Health Care for the Homeless Program Investigates Breach That Occurred in March, 2018

Posted on August 31, 2018 by Dissent

Updated Sept. 5, 2018.

Let’s start with BHCHP’s substitute notice:

Boston, MA – In mid-March 2018, a lapse in security led to a possible breach of the Protected Health Information (PHI) of patients of Boston Health Care for the Homeless Program’s (BHCHP’s) clinic at St. Francis House (SFH) in Boston.

A shelter guest trespassed into the clinic on the night of March 13. The event was reported to law enforcement, who did not detain the intruder. BHCHP’s comprehensive investigation found no evidence that the intruder viewed or retained PHI.

Health information involved in the possible breach included handwritten staff notes, printed patient lists, referral forms, and insurance/benefits applications.

BHCHP is not aware of any misuse of patient information, but is notifying patients who may have been affected by the possible breach. Patients with questions about the possible breach may call BHCHP toll free at 888-328-7893. BHCHP recommends that patients who have accessed care or services at the SFH clinic monitor their credit reports and/or report any suspicious activity to local law enforcement. Individuals may request a free copy of their credit report by visiting annualcreditreport.com, or by calling 1-877-322-8228.

BHCHP conducted an internal investigation that included a comprehensive search of all parts of the SFH clinic to which the intruder would have had access and interviews with clinic and shelter staff. BHCHP then performed a detailed analysis of the evidence that the investigation surfaced. BHCHP also promptly ensured that the clinic door was secure and implemented extra safety measures, including an additional lock on internal doors within the clinic and secure storage of keys to internal doors, file cabinets, and storage cabinets. In addition, BHCHP updated its policies governing how staff use and store patient information.

For more information, please call the toll free number (1-888-328-7893) to speak with a BHCHP Compliance Officer or senior manager.

Sept. 5 update:

I spoke with legal counsel for BHCHP today, who explained that they decided to notify everyone of this incident in the proverbial “abundance of caution.” As I understand it, the door between the shelter and the clinic may have not been securely closed and a shelter resident wandered into the clinic, likely looking for a quiet place. There was never any indication that the individual was looking to take anything or to snoop in any records in the clinic. So… was this a reportable breach under HIPAA? I’m not a lawyer, but this really doesn’t seem like a breach to me as much as an accidental trespass with no harm, no foul. But I do understand the desire to err on the side of caution when it comes to reporting to regulators. The delay between the incident and the notification, I was told, was due to the need to go through everything so that everyone could be notified. Given that there were a lot of paper records, it was a time-consuming task.

Category: Breach IncidentsHealth DataOther

Post navigation

← More than 85% of China’s app users have had their data leaked: survey
Coweta County, Ga., Largely Restores Servers Following Ransomware Attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.