Six newly revealed breaches on HHS site

It seems that using the new HHS/OCR web site will be even more difficult to use than I anticipated, as they are sorting breach reports by the date of breach, not date that the incident was added to their site, so I have to review the entire list to see what’s been added instead of just looking for what’s new at the top of the list.

In any event, here are six more breach reports that have been added to their web site, below. Other breaches that have been recently added to their site were already reported in the media. These are just the ones we didn’t know about already:

North Carolina Baptist Hospital
State: North Carolina
Approx. # of Individuals Affected: 554
Date of Breach: 2/15/10
Type of Breach: Theft
Location of Breached Information: Paper Records

University of New Mexico Health Sciences Center
State: New Mexico
Approx. # of Individuals Affected: 1,900
Date of Breach: 2/08/10
Type of Breach: Other
Location of Breached Information: Desktop Computer

Lucile Packard Children’s Hospital
State: California
Approx. # of Individuals Affected: 532
Date of Breach: 1/11/10
Type of Breach: Other
Location of Breached Information: Desktop Computer

Advanced NeuroSpinal Care
State: California
Approx. # of Individuals Affected: 3,500
Date of Breach: 12/30/09
Type of Breach: Theft, Loss
Location of Breached Information: Network Server, Desktop Computer

Brown University
State: Rhode Island
Business Associate Involved: Blue Cross Blue Shield of Rhode Island
Approx. # of Individuals Affected: 528
Date of Breach: 12/11/09
Type of Breach: Unauthorized Access
Location of Breached Information: Paper Records

Center for Neurosciences
State: Arizona
Approx. # of Individuals Affected: 1,101
Date of Breach: 12/15/09
Type of Breach: Theft
Location of Breached Information: Laptop

About the author: Dissent

2 comments to “Six newly revealed breaches on HHS site”

You can leave a reply or Trackback this post.
  1. Anonymous - March 11, 2010

    PHI/Office of Inadequate Security- you are a blessing for those of us monitoring what is going on. Not only did they add them according to date but they seemed to rearrange the list originally published. This must have taken at least 4 hours of time. Thank you on behalf of everyone who is trying to figure out what is going on. Now if they would only tell us what kind of theft- hacking, insider, stolen laptop and what kind of information was taken. Guess that is too much work for them. After going through 50 additions to the MD AG list and the first group of HHS, I really wonder why the lack of transparency in all states and ONE national database that is kept up to date so that nonprofit and media groups around the nation don’t have to.

  2. Anonymous - March 11, 2010

    I don’t think it’s too much work for them. The easiest thing would be for them to just upload the forms they receive electronically in the order they receive them. Instead, they are spending time to omit information that we want and then to figure out where to list it.

    Thanks for the kind words about this site and databreaches.net. If I had the resources, I’d really start filing and appealing FOIA requests and denials. I firmly believe that we need greater transparency. DataLossDB.org was also filing FOI requests a while back, but I don’t know if they’d be willing to really pursue cases where we are being refused information. They certainly have more people and resources than I do. 🙂

Comments are closed.