Justin Gray reports:
Medical records for hundreds of patients were found dumped along the side of a road in South Fulton County.
Channel 2 Action News has learned that those records contained everything from Social Security numbers to private medical information.
Channel 2 investigative reporter Justin Gray tracked down where the records came from. Hope Medical told him they moved the records to self-storage after a fire at their facility but didn’t pay the bill on time for the storage unit.
Read more on Newsbreak.
Occasionally we see breach reports involving storage facilities, but what’s particularly concerning about this one is that the covered entity seems to have known that they were behind in paying the facility and didn’t pay them or make arrangements for the facility to continue to protect the records:
Hope Medical said the files were moved to the storage unit following a fire at their office in 2018, but “There was an outstanding and overdue three months balance owed the storage facility. When the money was finally available for payment, the storage informed us that the clinic was a couple of days late, that the contents were sold off.”
This has been a rough year financially for a lot of entities, but if their failure to pay resulted in patient records being sold off or dumped/exposed publicly, what do you think HHS should do in terms of enforcement? Anything?