Brian Bandell reports: Holy Cross Hospital notified 9,900 of its patients that their personal information might have been breached by an employee who may have intended to commit tax fraud. Patient names, dates of birth, addresses and social security numbers were inappropriately accessed by an employee who has since been terminated, the nonprofit hospital said. This…
Category: Health Data
21st Century Oncology employee stole patient information for tax refund fraud scheme – feds
Here’s one we may not see on HHS’s public breach list, depending on how many patients were involved. 21st Century Oncology Services, an affiliate of Peninsula Cancer Care Center and 21st Century Oncology of Maryland, notified the Maryland Attorney General in July that they had been informed by federal law enforcement of an insider breach…
MO HealthNet/InfoCrossing breach much longer and larger than previously recognized
The MO HealthNet mailing error breach due to a software error by its Business Associate InfoCrossings was much bigger than originally reported, it seems. Maria Altman reports: Personal information for more than 25,000 Missourians in the state’s managed health plan went out to the wrong mailing addresses. The Department of Social Services announced Monday that…
Some breaches are not as bad as HHS's breach tool might suggest
In my recent recap of new additions to HHS’s public breach tool, I noted an incident involving Summit Community Care Clinic. My summary of the breach log was: Summit Community Care Clinic in Colorado reported that 921 patients were affected by a Hacking/IT incident that occurred July 22. There is no statement or notice on their web…
Tri-State Surgical Associates notifies patients of a disclosure breach
Tri-State Surgical Associates in Elkton, Maryland recently notified patients of a disclosure breach involving their PHI. According to a letter sent by Drs. Lowe and Vaidy, when a physician left their practice in May, he reportedly asked a staff employee for patient contact information so that he could notify patients of his new practice location….
Missing Allscripts backup drive held Mercy Health Systems patient information
It seems that Baltimore-based Mercy Health Systems (Mercy Medical Center) forgot to notify Maryland about a breach involving Maryland residents earlier this year. According to an August 13 letter signed by Chante Tindal, Compliance Generalist: on January 14, MHS’s transcription contractor, Allscripts, reported a missing unencrypted hard drive containing patient information. MHS says this was reported…