Lone Star Circle of Care notifies 8,700 after learning of web exposure of PHI by contractor
Mary Ann Roser reports:
A data breach at Lone Star Circle of Care has compromised the personal information of 8,700 people, including 6,300 patients, officials said Friday.
The breach was discovered Jan. 9 after a backup file containing mostly names, addresses, phone numbers, and in some cases, birth dates, was improperly placed on Lone Star’s website by the company that designed, maintained and secured the website. The data had been posted for nearly six months before Lone Star realized what had happened, officials said.
No one’s financial information was compromised, said Lone Star CEO Rhonda Mundhenk, who added that the company, which she declined to name, was let go.
Read more on Statesman. It seems that the exposure began on July 31, and the data were accessed “numerous times by ‘unauthorized individuals’ unknown to Lone Star.”
As Roser notes, this was not Lone Star Circle of Care’s first reportable breach under HITECH. Coverage of their earlier breach can be found here. This latest breach does not yet appear on HHS’s public breach tool.