BreachExchange mailing list archives
Stolen Hard Drive Contained PHI of 76, 000 Texas Patients
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 30 Jan 2019 01:14:57 -0600
https://www.hipaajournal.com/phi-76000-texas-patients-stolen-hard-drive/ All-Star Orthopaedics is alerting patients of Irving, TX-based Las Colinas Orthopedic Surgery & Sports Medicine, PA, that some of their protected health information (PHI) was stored on a hard drive that has been stolen. The hard drive contained X-ray and other diagnostic images of 76,000 patients, along with patients’ names and dates of birth. While the hard drive was not encrypted, special software is required to access the images. The image files would need to be opened in order to see patients’ names and dates of birth. The hard drive was stolen on November 20, 2018. The theft was reported to the Department of Health and Human Services’ Office for Civil Rights on January 18, 2019 and breach notification letters have now been sent to all affected patients. The theft has prompted All-Star Orthopaedics to implement new security protocols to prevent any further breaches of patients PHI and all portable hard drives will now be encrypted prior to transport. Dermacare Brickell Data Breach Impacts 1,800 Patients On November 20, 2018, the Miami medical practice Dermacare Brickell discovered paperwork containing the PHI of around 1,800 patients was missing. The paperwork had been removed from a locked storage unit at The Vue Condominium, close to its office. The files related to patients who had received medical services at the practice between 2010 and 2013. The medical practice determined that boxes of files had been mistakenly removed and disposed of a condominium association dumpster along with regular trash. The person responsible assured the practice that he did not read any of the files in the boxes and was unaware that the boxes contained patient files. The improper disposal has been reported to the Miami Police Department and patients have been notified as a precaution, although no evidence has been uncovered to suggest any information has been viewed by unauthorized individuals or misused. The files did not contain financial information or Social Security numbers, only names, birth dates, previous medical histories as provided by patients, and practice treatment notes. All patient files will now be stored within its offices. The practice is in the process of transitioning to electronic medical records and all paper copies of records will be shredded once that process has been completed. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Stolen Hard Drive Contained PHI of 76, 000 Texas Patients Destry Winant (Jan 30)