BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

MA: Paper Data Breach Hits Four Hospitals

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 14 Aug 2010 23:24:03 -0400
Four community hospitals in Massachusetts and their associated
pathology practices are investigating major breaches after tens of
thousands of paper pathology records were found at a recycling station
by a Boston Globe photographer who was dropping off his trash.

Like what you see? Click here to sign up for Health Data Management's
daily newsletter to get the latest news in health care I.T.
The hospitals are Carney Hospital, Holyoke Medical Center, Milford
Regional Medical Center and Milton Hospital. The records were dumped
by the former owner of a billing company who sold the company around
June 1, with the new owner retaining only records from 2010, according
to the newspaper.

The dumped records appear to be pathology reports from 2007 to early
2010, which include names, addresses, dates of birth, diagnoses,
insurance policy numbers and Social Security numbers. The Carney,
Holyoke and Milton facilities have posted public notices of the breach
on their Web sites while investigations continue. Milton Hospital
believes more than 15,252 tests were performed during the three-year
period on 8,000 to 12,000 patients. Holyoke Medical Center's initially
estimates the breach affects 16,000 to 24,000 of their patients.

The Milford and Carney facilities do not yet have estimates on how
many patients were affected. Milford was notified of the breach on
Aug. 12 and expects soon to have additional information and a notice
on its Web site, according to a spokesperson.

Officials at two hospitals told the Globe that the former owner of the
billing company acknowledged he had the records dropped off at the
recycling site. The former owner declined to speak to the newspaper,
noting the issue may become a legal matter.

To access the hospital's online public, visit caritaschristi.org,
holyokehealth.com and miltonhospital.org.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: