There were a number of breaches added to HHS’s breach tool today that were news to me. Here’s another: Colorado Health & Wellness reported an incident affecting 651 patients that occurred on September 4. HHS’s log codes the incident as “Theft, Unauthorized Access/Disclosure” involving EMRs. Clear as mud, right? I could not locate any media…
NY: Martin Luther King Jr. Health Center learns of subcontractor's breach four years later, responds to breach admirably
The Martin Luther King Jr. Health Center (MLK) in the Bronx, New York, recently notified 37,000 patients of a security breach that occurred in 2009. The incident was just added to HHS’s breach list today. I was unable to find any media coverage of the breach, but found a notice on the center’s web site that…
Texas orthopedic group notifies patients after desktop computers were stolen in burglary
One of the breaches newly revealed on HHS’s public breach list involves Greater Dallas Orthopaedics, PLLC in Texas, who reported that 5,840 patients had PHI on a desktop stolen on August 30. Although I couldn’t find any statement about the breach on their web site at this time (I wish it wouldn’t take HHS so long to post…
Update to HHS's breach list (update 1)
HHS added 16 breach reports to its public breach tool today, bringing the counter of breaches each affecting 500 or more individuals to 736 since HITECH went into effect September 23, 2009. As I’ve done in the past, I’ll begin by noting which of the additions we already knew about, annotated if there’s anything new…
18,800 Colorado State Workers Wrapped Up In Data Breach
Jeanne Price reports: Nearly 19,000 Colorado state workers—both current and former—could have identity protection concerns after a state worker lost a USB or thumb drive containing their personal data including Social Security Numbers (SSN). “A state employee lost the drive while transporting it between work locations. There is no indication that this information has been…
From my mail bag…
Cross-posted from phiprivacy.net: Over on DataBreaches.net, a number of people are reporting that they have received notification letters for the Maricopa Community Colleges breach, but that they’ve never attended the college and have no idea why they’re receiving letters. Today, I got an email about a breach reported on this site (phiprivacy.net). I’m redacting it, but…