[BreachExchange] Stolen Hard Drive Contained PHI of 76, 000 Texas Patients

Destry Winant destry at riskbasedsecurity.com
Wed Jan 30 02:14:57 EST 2019


https://www.hipaajournal.com/phi-76000-texas-patients-stolen-hard-drive/

All-Star Orthopaedics is alerting patients of Irving, TX-based Las
Colinas Orthopedic Surgery & Sports Medicine, PA, that some of their
protected health information (PHI) was stored on a hard drive that has
been stolen.

The hard drive contained X-ray and other diagnostic images of 76,000
patients, along with patients’ names and dates of birth. While the
hard drive was not encrypted, special software is required to access
the images. The image files would need to be opened in order to see
patients’ names and dates of birth.

The hard drive was stolen on November 20, 2018. The theft was reported
to the Department of Health and Human Services’ Office for Civil
Rights on January 18, 2019 and breach notification letters have now
been sent to all affected patients.

The theft has prompted All-Star Orthopaedics to implement new security
protocols to prevent any further breaches of patients PHI and all
portable hard drives will now be encrypted prior to transport.

Dermacare Brickell Data Breach Impacts 1,800 Patients

On November 20, 2018, the Miami medical practice Dermacare Brickell
discovered paperwork containing the PHI of around 1,800 patients was
missing.

The paperwork had been removed from a locked storage unit at The Vue
Condominium, close to its office. The files related to patients who
had received medical services at the practice between 2010 and 2013.

The medical practice determined that boxes of files had been
mistakenly removed and disposed of a condominium association dumpster
along with regular trash. The person responsible assured the practice
that he did not read any of the files in the boxes and was unaware
that the boxes contained patient files.

The improper disposal has been reported to the Miami Police Department
and patients have been notified as a precaution, although no evidence
has been uncovered to suggest any information has been viewed by
unauthorized individuals or misused.

The files did not contain financial information or Social Security
numbers, only names, birth dates, previous medical histories as
provided by patients, and practice treatment notes.

All patient files will now be stored within its offices. The practice
is in the process of transitioning to electronic medical records and
all paper copies of records will be shredded once that process has
been completed.


More information about the BreachExchange mailing list