Broward Health Discovers Breach ‘Linked’ to Florida Identity Theft Gang

Two breaches of protected health information involving healthcare employees have come to light this month, the first of which is understood to have occurred in 2011/2012, although it has only just been made public.

Earlier this year, law enforcement officers visited the home of an individual as part of a routine investigation and discovered documents containing the personal information of patients of Broward Health Imperial Point in Fort Lauderdale, Florida.

According to the Florida Bulldog, the documents were hospital facesheets which contained patients’ names, addresses, phone numbers, dates of birth, Social Security numbers, insurers’ names, insurance guarantor details, emergency contact information, and reasons for visits.

Data are understood to have been removed from Broward Health Imperial Point facilities between November 2011 and March 2012, according to the substitute breach notice on the Broward Health website. It is unclear whether the individual in possession of the data was a current or former employee of Broward Health.

Broward Health’s senior vice president and chief information officer Doris Peek gave a statement that suggested the theft could be linked to a gang of identity thieves that were busted last year.

Peek said the incident was the latest in a string of data thefts that have affected a number of different hospitals in the area. The thieves are known to have targeted the lowest paid hospital workers and offered money in exchange for facesheets. The data were then used to file fraudulent tax returns with the IRS.

Broward Health was notified of the privacy breach on May 12, 2016, although affected patients were not notified of the breach until September 23, 2016. It is unclear why it took four months for the notification letters to be mailed.

In total, 126 former patients have been affected, but due to the length of time it has taken to discover the privacy breach, many of those patients may have since moved. Breach notification letters have therefore been sent to patients’ last known addresses.

Law enforcement has been investigating the incident and has received the full cooperation of Broward Health. Broward Health has since strengthened its policies and procedures to better protect patient data and prevent further breaches from occurring.

VA Eastern Colorado Health Care System Alerts 2K Veterans to Privacy Breach

The Veteran Affairs’ Eastern Colorado Health Care System (ECHCS) has discovered an employee violated the privacy of 2,130 veterans by emailing their electronic protected health information to a personal email account.

An investigation into the incident is ongoing and all affected veterans are now being notified of the breach by mail. It is currently unclear why the information was emailed outside the VA system. ECHCS has not publicly disclosed which information was contained in the emailed documents.

ECHCS director, Sallie Houser-Hanfelder confirmed that “Any time a veteran’s personal information may be compromised, we take the matter very seriously.”

The VA will ensure that appropriate safeguards are put in place to prevent similar privacy breaches from occurring in the future.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.