Is HHS still dealing with ADP breach from 2012?

I have to confess I was somewhat surprised to see that HHS’s public breach tool is still adding affected entities to the Advanced Data Processing incident.  Whether HHS is just getting around to adding them or whether the entities are first discovering and/or reporting that their patients were involved is not known to me.  Readers may recall that breach as a rogue insider who stole and provided PHI for a tax refund fraud scheme.

This week, there were three ADP-related entries, although one of them appears to be just a summary of the other two and should probably be removed from the breach tool to prevent double-counting:

The Alexandria Fire Department in Virginia reported that 1,669 patients were affected by the incident, while Heard County EMA in Georgia reported that 672 of their patients were affected.

Of note, the ADP entry in HHS’s public breach tool does not  yet have a summary, which may mean that HHS’s investigation into this insider breach may be ongoing.


About the author: Dissent