Now that California is also posting breach reports online, I’m finding out about breaches in the healthcare sector that I’ve not seen in the news or on HHS’s breach tool.
As one example, Perry Dental sent notification letters about a burglary that occurred February 16:
We are contacting you about a recent burglary in our office that may result in an identity theft problem. The theft involved computer equipment that contained patient insurance information that may be compromised. We are actively working with the Riverside Police Department to fasciliate their investigation and to resolve this incident as soon as possible.
[…]
We apologize for any inconvenience this may cause you.
Sincerely,
Dr. Robert B. Perry
Dr. Stephanie R. Perry
I don’t know the number of patients affected or if this will show up in HHS’s breach tool.
Another breach that showed up on California site that I didn’t know about from HHS’s breach tool or other sources is from St. Joseph’s Medical Center, who sent out the following notice on March 21 that said, in part:
On February 2, 2012, we discovered that a storeroom window had been broken at the HealthCare Clinical Laboratory (HCCL) Patient Service Center located at 89 W. March Lane, Stockton, and that two storage boxes containing HCCL lab requisition forms were missing from the center. We were able to determine that the missing lab requisition forms related to certain laboratory services provided between December 13, 2011, and January 5, 2012, and also between January 17, 2012, and January 31, 2012. The police were notified of the break-in and resulting missing boxes and a police report has been filed. During our ongoing investigation it was determined on March 16, 2012 that your information was also missing for services received between October 24, 2011 and November 18, 2011.
The lab requisition forms that were taken from the center included a record containing your name, insurance information, address, phone number, and social security number. Because your personal information was taken during the break-in at the center, we recommend that you take proactive steps to protect your credit by monitoring your credit reports. To aid you in these efforts, St. Joseph’s Medical Center will be happy to provide for your enrollment at no charge in a credit monitoring service. If you would like to enroll yourself for 1 year of triple bureau credit monitoring from IDT911 at no charge to you, you can visit this website: https://enrollment.monitormyidentity.com/.
[…]
We sincerely regret that this incident occurred. We are reviewing our security procedures and policies, including increasing our security measures, and we will take additional precautions to try to prevent this type of theft from happening again. Please feel free to contact Judy Ferrari, Facility Privacy Official, at 209-467-6343, if you have any questions.
Sincerely,
Judy Ferrari,
Facility Privacy Official
St. Joseph’s Medical Center, Dignity Health
A copy of the notice is also posted on the center’s web site.