Search this site

CONNECT WITH US!

Medical Data Breaches

Reported breaches in the healthcare field are occurring on a daily basis.  Below are a list of companies which recently became public.  We can help your practice stay off this list - at little or no cost.

 
How many patient records are under your care? The average cost of a breach for a medical organization is $282 per record.

# records you manage:________  x  $282  = $_________

As is the case in most breaches, these were primarily caused by employee error.  There are many lessons to be learned in these stories of how to minimize the risk of breaches and how to best handle a data breach incident.  For many organizations the mishandling of these breaches can be far more costly than the breach itself.  In addition to our training we also provide a Breach Incident Response plan to our clients.

Nov. 18, 2009 Health Net
The personal information for almost half a million could be at risk after a portable disk drive disappeared from Health Net six months ago. Health Net is a regional health plan and the drive included health information, Social Security number and bank account numbers for 1.5 million patients nationally

(Lakeport, CA)
Sutter Lakeside Hospital has announced to 45,000 former patients, employees and physicians that their personal information was on a stolen laptop.  The laptop contained personal and medical information dating from 2005. A contractor took the laptop home, where it was stolen. The contractor went against hospital policy by downloading the information to the laptop’s hard drive.  The employee had access to work on the information through a virtual private network, but was not authorized to download it. 

Oct. 6, 2009 BlueCross BlueShield Assn.
A file containing identifying information for every physician in the country contracted with a Blues-affiliated insurance plan was on a laptop computer stolen from a BlueCross BlueShield Assn. employee.  The employee downloaded the unencrypted file against company policy.  The file included the name, address, tax identification number and national provider identifier number for about 850,000 doctors.   

June 30, 2009 Sutter Health
(Sacramento, CA) Hundreds of current and former employees with Sutter Health had their personal data compromised. The company's Sacramento Sierra region were contacted by a computer repair shop. "The repair people did the right thing and told us they had our laptop," said Sutter Communication Coordinator . The laptop contained names and Social Security numbers of 6,000 Sutter Health workers.

Sept. 22, 2009 Sagebrush Medical Plaza/Kern Medical Center
(Bakersfield, CA) Thousands of patients at a Kern County health clinic have been warned their personal information could have been stolen. A break-in happened at the Sagebrush Medical Plaza in July, and Kern Medical Center officials have notified 31,000 patients to take precautions against possible identity theft. One or more unknown individuals broke into a locked storage area that contained confidential patient information. All patient information has now been moved to a location inside the clinic building.

Nov. 20, 2009 University Medical Center
(Las Vegas, NV) Someone at UMC is selling a compilation of the hospital’s daily registration forms for accident patients. This is confidential information — including names, birth dates, Social Security numbers and injuries. Private information about accident victims treated at University Medical Center has apparently been leaking for months....

Sept. 25, 2009
Doctors' offices in Tennessee have been accidentally sending patient information, including Social Security numbers and medical histories, to an Indiana businessman's fax machine for the past three years. The sensitive medical information was supposed to be sent to the Tennessee Department of Human Services, but the owner of SunRise Solar Inc. in Indiana, says hundreds of confidential medical faxes having been coming to him.

Sept. 28, 2009 Penrose Hospital
(Colorado Springs, CO) Officials at Penrose Hospital believe someone has stolen the personal information of 175 patients. The missing information consists of names, addresses, phone numbers, Social Security numbers and the reason for the patients' visits. The information was stored on a computer print-out and kept in a binder stored in a cabinet. The print out has gone missing.

(Salt Lake City, UT)  Names, credit card numbers, Social Security numbers: information Daron Breinholt did not go looking for, but found Thursday morning when he took out the trash from the shoe distribution center, where he works.  I was just throwing away some stuff (in a dumpster), and it was chock full of medical records, said Breinholt. There's everything in there from canceled checks to routing numbers."