In January 2015, Ronald D. Garrett-Roe, MD, a physician in Texas, notified HHS that 1,600 patients were affected by a hacking/IT incident involving a desktop computer. At the time, I could find no additional details on the incident, but now we have this somewhat puzzling summary of OCR’s investigation: Alleged hackers gained unauthorized access to one or…
Category: Health Data
Follow-up: Boston Baskin Cancer improved data security safeguards following breach
Remember the Boston Baskin Cancer Foundation breach involving the theft of a hard drive from an employee’s home? The breach affected almost 57,000 patients and employees. Here’s the summary of OCR’s investigation into the incident: On December 2, 2014, a Boston Baskin Cancer Foundation employee’s laptop computer and external hard drive were stolen. The external hard…
Oh, so THAT’s what happened to 160,000 Walgreens customers
Back in December, 2014, I noted that HHS had added an incident involving Walgreens: Walgreen Co. reported that 160,000 patients had PHI involved in an August 1st – November 6th breach involving paper records. I was unable to find any coverage of this, but this could be big, as Walgreen has had problems before with paper records, and…
Follow-up to Boyd Hospital breach
Remember the case in Illinois where Boyd Hospital had stored patient records in a building that was later sold as surplus? The hospital claimed it didn’t know the new owner was taking possession of the building, which is why the patient records were still in there when the new owner took possession of the premises….
Follow-Up: Company involved in NSUH-LIJ breach folded
In June, this site covered a breach affecting approximately 18,000 patients of North Shore-Long Island Jewish Health System. Unencrypted patient data, including SSN and clinical information, had been on five laptops stolen from Global Care Delivery, a Texas-based firm that contracted with North Shore-LIJ to process and collect payments owed by insurers to the hospital system. At the…
Oh, so THAT’s what happened, Sunday edition
Sometimes I see breaches on HHS’s public breach tool but can find no web site for the covered entity or any substitute notice online. Such was the case with an entry for “Daniel A. Sheldon, M.D., P.A.,” an orthopaedic surgeon in Florida. The breach tool entry indicated that on September 16, 2015, the doctor had…