Today’s update of HHS’s breach tool includes six breach reports, some of which we knew about already. Two of the incidents had been covered on my companion blog but not reported here as it was not clear that PHI were involved, but it seems that PHI must have been involved:
- The State of South Carolina Budget and Control Board Employee Insurance Program reported the hacking incident previously mentioned on DataBreaches.net; and
- Hanger Prosthetics & Orthotics report of a stolen laptop appears to be the same incident reported on DataBreaches.net as Hanger Orthotics Group. In its report to HHS, the firm reports that 4,486 patients were notified. One seeming discrepancy is that the incident was reported to the New Hampshire AG as occurring on November 4 and to HHS as occurring on Nov. 24.
Two other incidents revealed today are lacking details:
- Baptist Memorial Hospital in Huntingdon, Tennessee has notified 4,800 patients of data loss occurring on November 27, 2010. I can find no statement on their web site, however, or media coverage. I have sent them an email inquiry about the incident.
- Lake Woods Nursing and Rehabilitation Center in Michigan notified notified 656 individuals after a computer was stolen on December 28. I cannot find any web site for them or media coverage of the incident.
Updated December 10, 2011: The Hanger Prosthetics & Orthotics, Inc. incident was summarized this way on HHS’s breach tool:
An unencrypted laptop was stolen from an employee offsite. The laptop contained the PHI of 4,486 patients. The protected health information involved in the breach contained names, addresses and procedure codes. Following the breach, the CE filed a police report, notified affected patients and notified the media. Following the discovery of the breach, the covered entity encrypted all existing laptops and implemented a policy requiring all future purchased laptops to be encrypted prior to being issued for use. “
So was this the same laptop that had been reported stolen to the New Hampshire Attorney General’s Office that contained employee data or a different laptop?