Three other breaches you may not have known about

In addition to other blog entries posted today, a recent update to HHS’s breach tool indicates three more reports that have not been reported in the media:

Southern Perioperative Services, P.C. in Alabama reported that 2,000 patients had PHI on a device that was stolen on or about November 17.  Their web site is parked and I find no information on the site or in media sources about the breach.

Friendship Center Dental Office in Ocala, Florida reported that 2,200 patients had PHI on a laptop that was stolen on or about December 20.  I cannot find any web site for them or any media coverage of the incident.

Franciscan Medical Group in Washington reported that 1,250 patients had PHI on a computer stolen on or about November 18.  I cannot find any statement on their web site or in the media about the incident and it’s not indicated which of their hospitals or medical facilities was the one whose computer was stolen.

Once again, it seems, the HHS breach tool informs us of breaches we might otherwise not know about.  Of the nine most recent entries, we had only known about three of them.

The HHS tool also provides updates that we may not learn of otherwise.  As one example, the Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan incident, which received wide media attention last year when it seemed that 280,000 people had data on the missing flash drive, was subsequently updated to indicate that 808 patients were affected – not 280,000.   HHS updates also provide us with additional details on the types of information involved.  In a number of cases, the annotated breach reports indicate the Social Security Numbers as well as health information were involved and that those breaches should probably be included in databases maintained by the Identity Theft Resource Center.

If anyone has additional details on the three newly revealed breaches listed above, please use the Comments section to add them.

About the author: Dissent