Recent updates to HHS’s breach tool reveal a few more breaches that did not show up in the media and other sources I routinely search:
The Community Action Partnership of Natrona County in Wyoming notified HHS of a breach involving unauthorized access to the information of 15,000 clients. There apparently was a notice on their web site on April 7, but it is no longer available. According to their report to HHS, the inicdent occurred on February 23.
TRICARE Management Activity of Colorado reported that 4,500 individuals were affected by a breach involving paper records that occurred on June 25, 2010. Why was this breach first reported almost a year after it occurred? Was it just discovered recently or what? I do not find any media coverage of this one or any statement on a TRICARE site.
Drs. Edalji & Komer in Massachusetts reported that 563 patients had PHI on a laptop stolen on April 12, 2011. I cannot find any statement or media coverage on this one, either.
The Methodist Charlton Medical Center in Dallas, Texas reported that 1,500 patients were affected by the theft of a laptop on April 16, 2011. A public notice on their web site explains:
This is to notify former patients and families of former patients of Methodist Charlton Medical Center (“the Hospital”) of a possible breach of patient information. This involves patients who were a part of the Hospital’s palliative care program between June 6, 2006, and September 30, 2010. On April 16, 2011, an
office within the Hospital was burglarized and a laptop, along with other office items, was stolen.
Unfortunately, the laptop contained certain patient information. We believe the information contained some or all of the following: patient name, age, sex, race, marital status, religion, admission and discharge dates, hospital account number, physician, insurance company, discharged to status and location, date of death, chief complaint, and type of cancer. We do not believe the reason for the theft was to obtain patient
information — we believe it was to obtain the laptop. We are therefore notifying former patients and
families of former patients primarily as a precaution. If you receive any suspicious inquiries or contacts by parties having information such as that listed herein and you were a former patient or family member of a former patient as outlined above, please contact us so that we may work with you to further ensure the
safety of your information.
Methodist Charlton Medical Center
3500 W. Wheatland Road
Dallas, TX 75237
Attn: Privacy Officer
Email: [email protected]
Keith & Fisher, DDS, PA of North Carolina reported that 6,000 patients were affected by an IT incident that occurred on February 16, 2011. There is no statement on their web site at the time of this posting that might provide more details and I can find no media coverage.
Post corrected to reflect IT incident for Keith & Fisher may not have been a hacking incident.