I have to confess I was somewhat surprised to see that HHS’s public breach tool is still adding affected entities to the Advanced Data Processing incident. Whether HHS is just getting around to adding them or whether the entities are first discovering and/or reporting that their patients were involved is not known to me. Readers may recall that breach as a rogue insider who stole and provided PHI for a tax refund fraud scheme.
This week, there were three ADP-related entries, although one of them appears to be just a summary of the other two and should probably be removed from the breach tool to prevent double-counting:
Of note, the ADP entry in HHS’s public breach tool does not yet have a summary, which may mean that HHS’s investigation into this insider breach may be ongoing.