Back in July, Ambucor Health Solutions reported a breach to HHS that affected 1,679 patients. Their report, submitted as a Business Associate, was coded as “Unauthorized Access/Disclosure – Email,” with the location of the data being “Other Portable Electronic Device.” That incident was included in Protenus’s breach barometer for July, but no additional details were available at that time.
Now WSPA fills in some of the blanks for us, although the number reported by the covered entity, Carolina Cardiology Consultants, is higher than what Ambucor had reported to OCR:
Some patients at Greenville Health System have been affected by an incident that happened at Ambucor Health Solutions.
Ambucor Health Solutions is a national leader in remote-monitoring labor service for cardiac devices.
About 2,500 patients at GHS have been affected after their personal information was inappropriately downloaded by a former Ambucor employee shortly before his employment at Ambucor ended.
Of note, the breach was first discovered by law enforcement:
In July, law enforcement provided Ambucor with two flash drives that the former employee turned over to them after his departure from the company. After Ambucor found that personal information had been downloaded, they began notifying affected providers, including GHS.
Read more on WSPA.