Apr 132018
 

From their notice of March 30, 2018:

NYC Health + Hospitals this week began to notify 595 NYC Health + Hospitals/Harlem patients about the possible disclosure of some of their protected health information (PHI). The possible disclosure—a laptop computer missing from the facility—occurred on January 25, 2018, and was discovered on January 29. The PHI on the laptop included patients’ names, medical record numbers, dates of birth, and whether a hearing test was passed.

There is no evidence to suggest that the PHI has been misused in any manner. Consistent with federal regulatory requirements, NYC Health + Hospitals has notified the federal oversight agency of this disclosure. In addition, in an abundance of caution, NYC Health + Hospitals has taken steps to protect those potentially affected, including offering free credit monitoring and identity protection services for one year, through the third-party vendor Kroll Information Assurance, LLC.

NYC Health + Hospitals has taken measures to prevent a recurrence. First, having immediately notified local law enforcement of the incident, the health system is assisting with the active investigation. Second, the health system is reviewing security precautions currently in place to identify areas for security supplementation, including installing additional security cameras. Third, the health system is evaluating additional security precautions specifically for portable devices. Fourth, the health system is reviewing security-awareness training to further emphasize to all employees the importance of safeguarding PHI.

Affected patients are invited to call toll free 1-866-779-0488, from 9:00 am to 6:00 pm (Eastern Time) Monday through Friday, to get answers to their questions or get help with any related concerns.

 

Apr 132018
 

Su Xinqi and Emily Tsang report on the case of a missing brain. Okay, that’s unsettling, I agree, but I’m posting a link to their coverage because of what else was in the story:

Meanwhile, in a separate incident, Prince of Wales Hospital apologised on Friday evening after a staff member lost about 100 sheets of medical records containing the private information of hundreds of patients.

The incident occurred on Thursday evening. A member of the clerical staff had accidentally left the papers in a taxi after taking them out of the office.

Read more on South China Morning Post.

Apr 032018
 

Dale Bass reports:

John Ranta isn’t happy about a privacy breach at Royal Inland Hospital.

The mayor of Cache Creek and former chair of the Thompson-Nicola Hospital District board said he was given a copy of a letter sent to one of the people in his community from RIH, advising that a binder with patient information went missing from the hospital.

The binder included names, addresses, phone numbers, ages, dates of birth, personal health-care numbers, family physicians, medication histories and information from colon scans.

You can see the notification letter, which is reproduced in the news story, on Kamloops This Week.

Mar 222018
 

The following press release is basically identical to one provided yesterday by Georgia MENTOR. Neither Georgia MENTOR nor CareMeridian name the software provider who mailed them a disk with unencrypted documents that appears to have been lost in the mail.

CareMeridian, LLC is notifying individuals of a data security event that could potentially impact the security of certain personal information. Although we are unaware of any actual or attempted misuse of the information, we are providing potentially impacted individuals with information about the event, steps taken since discovering the event, and what can be done to protect against potential harm.

What Happened

On December 21, 2017, CareMeridian discovered that an unencrypted disk sent by a third-party software provider containing documents that included sensitive information appeared to have been lost in the mail. We immediately launched an investigation to determine the nature and scope of this incident, the types of information involved and the individuals who may be affected. We retained a third-party expert to assist us with this investigation. Notably, we continue to have no evidence of actual or attempted misuse of information as a result of this incident.

What Information Was Involved

It was determined that with respect to CareMeridian the lost disk contained one or more of the following types of information: name and limited medical information, and, for 13 individuals, social security number.

Notification

CareMeridian is mailing notice letters to the affected individuals. We are also reporting this incident to U.S. Department of Health and Human Services and certain state regulators as required.

What Affected Individuals Can Do

CareMeridian is unaware of any actual or attempted misuse of the information, and emphasizes that it cannot confirm whether the information was actually accessed. Nevertheless, we encourage affected individuals to review financial statements, monitor credit reports, and report suspicious activity to the institution with whom the information is shared.

Additional Information

Any affected individual can learn more about this incident by calling CareMeridian directly at 888-818-8990.

CareMeridian takes seriously its responsibility to safeguard the confidentiality, privacy and security of information in our custody. We have security measures in place and are taking additional steps to enhance data security going forward. We regret that any information was put at risk.

Source: CareMeridian, LLC

Mar 212018
 

From their press release:

National Mentor Healthcare, LLC (d/b/a Georgia MENTOR) is notifying individuals of a data security event that could potentially impact the security of certain personal information. Although we are unaware of any actual or attempted misuse of the information, we are providing potentially impacted individuals with information about the event, steps taken since discovering the event, and what can be done to protect against potential harm.

What Happened

On December 21, 2017, Georgia MENTOR discovered that an unencrypted disk sent by a third-party software provider containing documents that included sensitive information appeared to have been lost in the mail. We immediately launched an investigation to determine the nature and scope of this incident, the types of information involved and the individuals who may be affected. We retained a third-party expert to assist us with this investigation. Notably, we continue to have no evidence of actual or attempted misuse of information as a result of this incident.

What Information Was Involved

It was determined that with respect to Georgia MENTOR the lost disk contained one or more of the following types of information: name and limited medical information, and, for one individual, social security number.

Notification

Georgia MENTOR is mailing notice letters to the affected individuals. We are also reporting this incident to U.S. Department of Health and Human Services and certain state regulators as required.

What Affected Individuals Can Do

Georgia MENTOR is unaware of any actual or attempted misuse of the information, and emphasizes that it cannot confirm whether the information was actually accessed. Nevertheless, we encourage affected individuals to review financial statements, monitor credit reports, and report suspicious activity to the institution with whom the information is shared.

Additional Information

Any affected individual can learn more about this incident by calling Georgia MENTOR directly at 888-818-8990.

Georgia MENTOR takes seriously its responsibility to safeguard the confidentiality, privacy and security of information in our custody. We have security measures in place and are taking additional steps to enhance data security going forward. We regret that any information was put at risk.