OK, now HHS is messing with me…

Posted on by Dissent

Friday afternoon and HHS has added dozens of new updates/revisions to the breach tool – after adding dozens more during the week? Yikes. As before, some of them appear to be older incidents that had never been posted publicly while others are more recent.

One change that I noted immediately is that they’ve now organized the Advanced Data Processing breach that I’ve covered on this blog before (see previous posts). Their entry shows that the following covered entities were all affected by the insider breach for tax refund fraud that they code as “theft” from “desktop computer:”

  • 1st response Medical Transpot Corp.
  • City of North College Hill
  • Okaloosa County Public Safety
  • Sumner County Emergency Medical Services
  • City of Seguin – Fire/EMS Department
  • City of Overland Park Fire Department
  • Osceola County EMS
  • City of Gloucester, Fire Department
  • Washington County EMS
  • City of Covington Kentucky Fire Department
  • Sandoval County Fire Department
  • Frederick County Division of Fire Rescue
  • Village of North Palm Beach Fire Rescue
  • Bonham Fire Department
  • North Lake Tahoe Fire Protection District
  • Tahoe Douglas Fire Protection District
  • McAlester Fire/EMS
  • City of Blue Springs EMS
  • City of Azle Fire Department
  • City of Casselberry
  • Harris County Emergency Corps
  • Valparaiso Fire Department
  • City of Victoria Fire Department
  • City of Yuma
  • City of Atlanta/ Atlanta Fire Rescue Department
  • Omaha Fire & Rescue
  • City of Omaha
  • City of Berkeley
  • Cumberland County Hospital System, Inc.
  • Grady Health System
  • City of Los Angeles/Los Angeles Fire Dept.
  • City of Corona
  • City of Yuma
  • City of Omaha

HHS shows the total number affected as 32,000.

You can compare their list to the list I had constructed with numbers based on my research, here.

One implication of their reorganization should be that this should now be counted as (just) one incident instead of multiple incidents as they originally showed it. Unfortunately, the breach tool still shows these as individual incidents, many of which do not even list Advanced Data Processing as the involved business associate.

I’ll get to the other 3 dozen+ additions to the breach tool as time permits over the weekend.

Category: Health Data