BreachExchange mailing list archives
Massachusetts EMR firm reports breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 18 Mar 2013 10:22:03 -0400
http://www.phiprivacy.net/?p=12037 Here’s another case, not yet reported in the media, involving insider wrongdoing and electronic medical records: On Tuesday, Lawrence Melrose Medical Electronic Record, Inc. in Melrose, Massachusetts notified the New Hampshire Attorney General’ office that an employee of a medical practice improperly accessed the EMRs and patient registration information of patients at six medical practices in Melrose: Canan Avunduk, MD (Baystate Gastroenterology), Maury Goldman, MD, Hallmark Health Medical Associates, John Mudrock, MD, Main Street Family Practice, and Womens Healthcare Associates. The firm, which does not appear to have its own web site, is listed as a non-profit having its address as 585 Lebanon St., c/o Hallmark Health, Melrose, MA 02176. Their notification to the state, which was filed by their law firm, did not include a copy of their notification letter to patients, so we do not yet know the full scope of information the employee accessed or why. Apatient registration form on one of the practice’s sites, however, suggests that name, contact details, date of birth, Social Security numbers, employment information, insurance information, and emergency contact information were all in the database. Notification letters to two patients in New Hampshire were to be sent on or about March 14. It is not clear how many patients, total, were affected by this incident as the report identifies six medical practices whose patients were affected. In response to the breach, the firm says it is enhancing its privacy and security controls, consulting with professionals about implementing better access control monitoring, and re-training all employees. Affected patients are being offered credit protection and restoration services through Kroll. The letter does not indicate whether the employee has been referred to law enforcement for criminal charges. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Massachusetts EMR firm reports breach Erica Absetz (Mar 18)