Capital Digestive Care patient data exposed by vendor error
Sometimes by the time a notification appears on a state breach notification site, I’ve forgotten whether I ever reported it or not.
Case in point: Capital Digestive Care in Maryland. I knew about it on February 22, and helped make the notification to them to get them to investigate it (it turned out to be a third-party incident involving LMO). But at the time, and even though I reported on it, I had no numbers for my monthly statistics and it had not been reported to HHS.
On April 23, CDC’s external counsel reported the incident to the New Hampshire Attorney General’s Office. We still don’t have numbers for this one, as it’s not on HHS’s breach tool at this time, but here’s their report: capital-digestive-care-20180423