Dec 292018

Dave Bartkowiak Jr. reports:

 Blue Cross Blue Shield of Michigan announced Friday that the personal data of nearly 15,000 of Medicare Advantage members may have been compromised after an employee’s laptop computer was stolen in October. 

Blue Cross said it was notified on Nov. 12, 2018 by COBX, a subsidiary company vendor serving Medicare Advantage business for them, that an employee’s work laptop was stolen on Oct. 26, 2018. Although the laptop was encrypted and password-protected, the employee’s access credentials may have been potentially compromised, Blue Cross said.

Read more on ClickOnDetroit.

Dec 222018

I’ve often thrown up my cyber-hands in disgust at breaches that occur because people leave unencrypted PII or PHI in unattended vehicles. But sometimes, you read an incident report, and you can somewhat relate. This report by attorney Michael Koch, dba Lockhart, Britton & Koch in La Mesa, California is one of those times.

From the sound of things, the law firm, which specializes in bankruptcy cases and estate planning, responsibly backed up client data. And they responsibly tried to maintain that external drive backup off-site. But then, busy with Thanksgiving preparations, Koch left his briefcase containing the drive locked in the trunk of his car in his driveway. And the rest, as they say, is history….

As a result of this incident, the firm is now maintaining the backup drive in a fireproof safe and is looking into other secured storage options.

They are also offering clients one year enrollment in Experian’s IdentityWorks product.

You can read the full notification below.


We all get tired. Or our arms are full so we don’t grab one bag from the car, figuring we’ll come back out later and get it. And then we don’t. It only takes one slip-up in judgement or one decision made when we are tired or busy to result in a costly data breach. And it could happen to any of us.

Dec 112018

Confidential data on 20,000 residents in Gladsaxe, a municipality in central Zealand, were saved locally on a computer stolen that was recently stolen from the town’s city hall.

The computer was stolen during a break-in between during the weekend of November 30th to December 3rd, Politiken reports.

Information stored on the machine includes personal registration numbers, age, gender, address and marital status.


Nov 162018

From their notice:

On September 5, 2018, FHN Family Counseling Center (“FHN”) learned that a password-protected laptop was stolen out of a FHN employee’s vehicle. The employee immediately notified law enforcement, but the laptop has not yet been recovered. Upon learning of the incident, FHN immediately initiated an investigation to determine the scope of the incident and the impact on our patients. FHN determined that the laptop contained certain aspects of our patients’ personal information, which may include those patients’ name, address, date of birth, medical record number, insurance information, medical information, Social Security number and driver’s license number.

On November 2, 2018, FHN sent written notification to all potentially impacted individuals for whom we have contact information, and has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were involved in the incident.

Affected individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. In general, we recommend, as a precautionary measure, that any impacted individuals remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general.

Affected individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit call 1-877-ID-THEFT (1-877-438-4338). Affected individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

FHN has a robust program in place to encrypt all laptops. We determined that, due to an isolated technical issue involving our encryption software, the specific laptop at issue was not encrypted at the time of the incident. FHN took steps to immediately re-encrypt all laptops affected by this technical issue and to re-train the employee whose laptop was stolen, as well as all employees, on safeguarding mobile devices.

FHN apologizes for any inconvenience or concern this incident might cause the affected individuals. Additional information is available via a confidential, toll-free inquiry line at 1-877-728-0077 between 8:00 a.m. and 5:00 p.m., Central Time, Monday through Friday.

According to their notification to HHS, 4,458 patients had information on the stolen laptop or were being notified of the theft.

Nov 122018

Anthony Vecchione reports:

Summit Medical Group said Monday it is looking into an incident of a possible security leak of patient data.

SMG said it became aware of the potential unauthorized disclosure of patient medical records Sept. 5 when management and privacy office personnel were notified a notebook maintained by a medical assistant in the dermatology office in Berkeley Heights was misplaced and was not recovered.

In a statement, SMG said that it launched an investigation into the incident and determined that the notebook was maintained by the medical assistant to track all of the patients to whom she provided health care services.

The employee kept the notebook at the facility and reported that the book never left the dermatology office, according to SMG.

Read more on NJBiz.

The following is SMG’s press release, issued November 2:

BERKELEY HEIGHTS, N.J., Nov. 2, 2018 /PRNewswire/ — Summit Medical Group (“SMG”) is taking action after discovering an isolated incident that may impact the security of information relating to a limited number of SMG patients.

On or around September 5, 2018, SMG became aware of the potential unauthorized disclosure of patient medical records when SMG management and Privacy Office were notified that a notebook maintained by a medical assistant in the dermatology office at Berkeley Heights was misplaced and unable to be recovered. SMG immediately launched an investigation into this incident, and it was determined that the notebook was maintained by the medical assistant to track all of the patients to whom she provided health care services, to assist her with following up with patients. The employee kept the notebook at the facility and reported that the book never left the dermatology office. This cataloging of the information in the notebook began around January 12, 2018 and included information pertaining to all patients seen by the employee through September 5, 2018, when the employee could not locate the notebook. Management and the Privacy Office conducted interviews of employees, reviewed security footage, and searched the office, but found no trace nor evidence of the notebook.

While the information present in the notebook varies by individual, SMG’s investigation determined that the information that may have been affected includes: name, date of birth, address, home telephone number, insurance policy number, Medicare ID (which can also be a patient’s Social Security Number), and treatment information.

While SMG has no evidence that any information involved in this incident has been subject to actual or attempted misuse, SMG is mailing notice letters to individuals who may have been affected by this incident. SMG is also encouraging potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanations of benefits, and to monitor credit reports and explanation of benefits forms for suspicious activity and to detect errors.

SMG is providing potentially impacted individuals information on obtaining a free credit report annually from each of the three major credit reporting bureaus by visiting, calling 877-322-8228, or contacting the three major credit bureaus directly at: Equifax, P.O. Box 105069, Atlanta, GA, 30348, 800-525-6285,; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742,; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680-7289,

Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580;; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state Attorney General. SMG will be providing notice of this incident to the U.S. Department of Health and Human Services, as well as required state regulators.

SMG understands that patients may have questions about this incident that are not addressed in this release. If you have questions or concerns, please do not hesitate to reach out to SMG’s Patient Relations Department via [email protected] or 908-977-9499 Monday – Friday, 9am – 5pm ET, excluding national holidays.

About Summit Medical Group

Recognized as New Jersey’s premier multispecialty medical group, Summit Medical Group has more than 80 locations in seven northern New Jersey counties. Summit Medical Group’s 800+ practitioners cover more than 80 medical specialties and services, with a focus on delivering patient-centered and coordinated care. Summit Medical Group’s unique care model recently expanded nationally with the founding of Summit Medical Group Oregon – BMC Total Care and Summit Medical Group Arizona. Additionally, Summit Medical Group is the only healthcare provider in northern New Jersey to offer patients access to the world-renowned MD Anderson Cancer Network® through Summit Medical Group MD Anderson Cancer Center. For more information, visit

SOURCE Summit Medical Group

Related Links