Various Health Entities Report Data Breaches Across the U.S.
September 20, 2014 in News
Several health care organizations across the country recently reported data breaches affecting thousands of individuals.
Details of Temple University Breach
Last week, Temple University announced that an unencrypted desktop computer containing personal health information on 3,780 patients was stolen from a university doctor’s office in July, the Philadelphia Inquirer reports (McCullough, Philadelphia Inquirer, 9/13).
According to the university, the computer contained patients’:
- Medical record numbers;
- Names of referring physician;
- Procedure billing codes; and
- Types of procedure (Pedulli, Clinical Innovation and Technology, 9/15).
The university said it immediately alerted the police, HHS and affected patients to the theft (Philadelphia Inquirer, 9/13).
Details of Diatherix Laboratories Breach
Last month, Alabama-based Diatherix Laboratories informed 7,016 patients that their personal health information protected health information was available online for three years, after its contractor, Diamond Computing Company, accidentally made one of its servers accessible via the Internet, Clinical Innovation and Technology reports.
Diatherix said patients’ information initially was exposed online on Sept. 24, 2011, and data– but not any protected health information — was accessed Oct. 16, 2011. However, Diatherix Laboratories said protected health information was accessed March 7, including:
- Account numbers;
- Test dates; and
- Insurance information.
In a few cases, data also included patients’:
- Dates of birth;
- Diagnosis codes;
- Social Security numbers; and
- Types of tests ordered.
The company said it took immediate action once the breach was discovered and shut down the server on July 10. In addition, the company:
- Alerted Google and other search engines to the issue and requesting that all protected health information be removed;
- Conducted a security review of other vendors that have access to protected health information; and
- Worked to ensure that the consulting company has destroyed or secured all patient information stored on the server (Pedulli, Clinical Innovation Technology, 9/12).
Details of Aventura Hospital and Medical Center Breach
HHS data show that a data breach occurred at Florida-based Aventura Hospital and Medical Center between Sept. 13, 2012, and June 9, 2014, that affected about 82,601 people, WLPG Local 10 reports.
Valesco Ventures, a company that provides “hospital staffing and ancillary services,” in a letter said the data breach involved an employee who might have accessed patients’ personal information without proper authorization. According to Valesco Ventures, the improperly accessed data included patients’:
- Birthdates; and
- Social Security numbers (Vazquez, WLPG Local 10, 9/16).
Details of Plastic Surgery and Medical Spa Breach
Plastic Surgery and Medical Spa in Beachwood-Westlake, Ohio, has announced a data breach that could have compromised the protected health information of more than 6,000 patients, Becker’s Hospital Review reports (Jayanthi, Becker’s Hospital Review, 9/12).
In a notice posted on its website, the facility said the breach occurred on June 29 when a computer was stolen from the facility (Plastic Surgery and Medical Spa notice, 2014).
Officials said that the office is equipped with a security and surveillance system, but it was deactivated the night of the incident.
According to officials, the compromised data included patients’:
- Names; and
- Some medical information (Becker’s Hospital Review, 9/12).