HIPAA Breach: 1,111 Veteran Records Improperly Dumped
The Department of Veterans Affairs has announced the potential exposure of 1,111 veteran health records after files containing Personally Identifiable Information (PII) and Protected Health Information (PHI) were accidentally tossed in a dumpster. The files were thrown out with regular waste by an employee of the VA Hot Springs Hospital in South Dakota on Friday, May 15, during a move to a different location. The files were mistaken for regular rubbish, and would have remained in the publically accessible dumpster were it not for a vigilant employee who noticed the dumped files two days later. The improper dumping was reported to the Veterans Affairs police, who went dumpster diving to retrieve the files. According to a press release issued by the Fort Meade-based VA Black Hills Health Care System, an investigation was launched after the incident came to light. Public Affairs Officer, Teresa Forbes, was interviewed by the Rapid City Journal on Friday last week, and said “It was just an unfortunate mistake during an office move.” The box of files appeared not to have been tampered...
Husband-Wife Tax Fraudsters Get 231 Months Jail Time
A former employee of Tift Regional Hospital has recently been sentenced to serve 84 months in jail for fraudulently submitting 1,100 bogus tax returns, including making 531 tax claims using the data of 16 year olds. Her husband has been sentenced to serve 147 Months in the Bureau of Prisons. Both are required to pay restitution of $1,107,802.00 to the IRS. United States Attorney for the Middle District of Georgia, Michael J. Moore, recently announced Honorable W. Louis Sands’ verdict on Mrs. Patrice Taylor, 34 and her co-conspirator husband, Antonio Taylor, 44, both of Ashburn, Georgia. The total loss suffered by the IRS was $1,199,897.00 Sentencing took place on July 27, 2015 with Mrs. Taylor convicted of aggravated identity theft and conspiracy to commit wire fraud. Taylor had previously pled guilty to the offences and took a plea deal. She admitted to committing the offenses between January 2011 and February 2013. According to evidence presented at trial, Mrs. Taylor used Social Security numbers obtained during her employment at Tift Regional Hospital to file the tax returns....
Foreign Hacker Responsible for Siouxland Pain Clinic Data Breach
A foreign hacker has gained access to Siouxland Pain Clinic’s patient data, according to a statement released by the healthcare provider’s attorney. The hacker managed to infiltrate the healthcare provider’s computer network, potentially obtaining the Protected Health Information of approximately 13,000 of its patients. The hacker is understood to have first gained access to the Iowa healthcare provider’s computer network on March 26, 2015, with access reportedly continuing until April 2. Siouxland Limited, which operates the Siouxland Pain Clinic, was notified of the security breach on June 26. The statement was issued on Friday, 31 July, with further information released a few days later. It is not clear why access to the computer systems stopped on April 2, and how it then took over two months for the incident to be discovered. The incident is still under investigation, with the healthcare provider having enlisted the help of a private cybersecurity firm to determine the extent of the incident, the data exposed, and whether any of that data has been copied. The news of the...
North East Medical Services HIPAA Breach Reported: 69,246 Affected
A HIPAA breach has been reported by North East Medical Services. The Protected Health Information of almost 70,000 patients has potentially been exposed after an unencrypted laptop was stolen from the car of a NEMS employee’s car. According to a breach notice sent to the California Department of Public Health, the incident occurred on July 11, 2015. The laptop was left in the locked trunk of a vehicle from where it was subsequently stolen. The healthcare provider was alerted to the equipment theft on July 13. North East Medical Services HIPAA Breach Exposed “Limited Personal Information” The investigation launched following the crime revealed that the laptop contained data relating to 69,246 patients, which according to the breach notice, consisted of one or more of the following data elements: Patient name, gender, date of birth, address, phone numbers, and pay/insurer information. No medical records were stored on the laptop, although some patients’ diagnoses, test results, medications, treatments and appointment times were listed in spreadsheets stored on the computer. No...
Data Breach Sparks Medical Informatics Engineering Lawsuit
A Medical Informatics Engineering lawsuit has been filed in Fort Wayne for the security breach that exposed the data of 3.9 million Americans. These days, data breach victims are signed up by lawyers within hours of breach notices being posted. The latest lawsuit is no exception, with the mailing of the breach notification letters only completed on July 25, 2015. The Medical Informatics Engineering lawsuit was filed by Irwin B. Levin, managing partner of Indianapolis law firm Cohen & Malad LLP, on behalf of James Young, who had his health data and Social Security number exposed in the May 26, 2015 cyberattack. The lawsuit has been filed in the U.S. District Court in Fort Wayne. A spokesman for Medical Informatics Engineering, Jeff Donnell, told the Fort Wayne Journal Gazette, “We are aware of the suit, and we are currently reviewing it. Our primary focus at this time is on our response to those affected by this cyberattack.” Young does not appear to have suffered identity theft of fraud as a result of the exposure of his data; instead the suit has been filed against MIE for...



