BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Janitorial shredding mix-up causes data breach impacting 13K

From: security curmudgeon <jericho () attrition org>
Date: Tue, 16 Oct 2012 00:42:18 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.clinical-innovation.com/topics/ehr-emr/janitorial-shredding-mix-causes-data-breach-impacting-13k

By Beth Walsh
Clinical-Innovation.com
10/14/2012

A mix-up by a janitorial services firm is the source of a data breach at a 
Springfield, Mo., radiology group practice. Nineteen-member Litton and 
Giddings Radiological Associates (LGRA) has notified about 13,000 patients 
who had billing activity between July 23 and Aug. 2, 2012.

"On Aug. 10, 2012, LGRA learned from its billing company that the 
janitorial services vendor managed by the billing company's landlord had 
inadvertently sent paper billing records to a Springfield recycling center 
without first shredding the records,? according to the notice sent to 
patients. ?More specifically, on two occasions, July 31 and Aug. 2, 2012, 
a janitor removed documents from the locked shred bin and placed them in a 
different, but secured container with other recyclable materials. The 
secured container was transported to the recycling center where the items 
were sorted for recycling, and ultimately, completely destroyed. The 
recycling process is largely mechanized, but workers in the recycling 
facility do, at times, manually sort the materials."

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: