Jun 182018
 

Megan Barnes reports that more than 1,000 patients at the Long Beach Veterans Affairs Medical Center had their information stolen by a now-former employee who has been sentenced to prison.

Albert Torres was reportedly arrested on April 12 after  officers became suspicious when his license plates were not those for a noncommercial vehicle. A search of the vehicle uncovered patient data for 14 people, including names, dates of birth and full Social Security numbers. A subsequent search of his apartment uncovered even more patient data.

Torres was sentenced on June 4 to three years in  prison, and affected patients are being notified.

Jun 072018
 

Josh Wright reports:

The loss of medical information relating to as many as 50 patients has sparked fears about the security of people’s private records.

Personal details belonging to between 11 and 50 patients of the trust which were kept on a notepad were stolen along with a laptop belonging to a Poole-based employee of Dorset HealthCare Trust.

The theft, which took place in February, was made public at the meeting of the trust’s board last week and has been reported to the Information Commissioner’s Office.

The trust said that the laptop had been “fully encrypted” but that the device and notebook had still not been recovered.

Read more on Daily Echo.

May 252018
 

WHEC has the story, brought to them by a consumer who observed employees just tossing records with personal information:

Mottshaw says he refuses to give his social security number out because his identity has been stolen before. When he was at the DMV in Henrietta he says he saw employees throw documents in the garbage.

So after hours, he came back and went through the dumpster behind the building.

On Thursday, he showed News10NBC the garbage he collected. The papers included renewal applications with names, addresses and social security numbers which we blacked out, the Homeland Security and Visa information of an exchange student at UofR, boat registration stickers and stacks of 10 day car inspection tags.

Read more on WHEC.

May 242018
 

Paul Kunert reports:

Bayswater Medical Centre (BMC) in London is licking its wounds after taking a not insignificant punch to the wallet for discarding highly sensitive medical information in an empty building for a year and a half.

The Information Commissioner’s Office (ICO) said today the data included medical records, prescriptions and patient identifiable medicine. It was left unsecured when BMC vacated its surgery but used the premises as a storage dump from July 2015.

Read more on The Register.

From the Information Commissioner’s Office:

Bayswater Medical Centre (BMC) in London has been fined £35,000 by the Information Commissioner’s Office (ICO) after it left highly sensitive medical information in an empty building.

The personal data, which included medical records, prescriptions and patient-identifiable medicine, was left unsecured in the building for more than 18 months.

In July 2015, BMC moved out of a former GP surgery but continued to use the premises for storage purposes.

In 2016, representatives of another GP surgery were allowed to visit the vacant building with a view to taking over the lease.

Once inside, they found unsecured medical records and other sensitive information and informed BMC, but the owners took no action to secure the data, despite repeated warnings by both the other surgery and the local Clinical Commissioning Group.

In February 2017, officers from NHS England visited the site and found a large quantity of highly sensitive information left on desks, in unlocked cabinets and in bins. They ordered BMC to remove the information the next day.

Steve Eckersley, the ICO’s Head of Enforcement, said

“Bayswater Medical Centre left their patients’ most sensitive data abandoned and with no thought for the distress that this could cause them if it had been lost or misused.”

The ICO ruled that:

  • BMC failed to secure the premises or the data stored there, and allowed unsupervised access to the premises by others, who were not authorised to view the data;
  • BMC should have known that that exposing this highly sensitive personal information – and potentially losing it -would have caused substantial damage and distress; and
  • The contravention was heightened by BMC’s failure to take prompt action to protect patient data for such a long time.

The ICO found that the severity of the breach merited a fine of £80,000, but this was reduced to £35,000 after BMC’s ability to pay was taken into account.

Mr Eckersley said:

“It is our duty to stand up for people’s data rights and to ensure that their sensitive personal information is protected.

“Out of sight is definitely not out of mind. We don’t want anyone to think that they can avoid the law or their duties by abandoning personal data in empty buildings.”

May 112018
 

Danny Spewak reports:

Fifty case files with sensitive information about Erie County constituents were potentially exposed to the public during two separate instances in 2017, according to a letter sent this week from the Department of Social Services to the county legislature.

[…]

A total of 37 Adult Protective Services case files were found in a folder on Clinton Street and returned to the Rath Building security desk, Cannon reported. An internal investigation showed the “vast majority” of cases found in the folder “had workers supervised by a recently retired civil service employee.”

In a separate incident, a total of 13 Child Protective Services case files were potentially exposed after an employee had a bag stolen during a car break-in. That bag with those case files was recovered in a neighbor’s driveway the next day, and the files did not appear compromised, Cannon said. The employee was disciplined for not properly securing the files.

Read more on WGRZ.