Paper Records Breach Leads RoundupHospital Employee Removed Registration Information
In this week's breach roundup, Broward Health Medical Center in Fort Lauderdale, Fla., is notifying patients about a breach after a former employee inappropriately removed registration face sheets from the hospital. Also, Seton McCarthy Community Health Center in Austin, Texas, is notifying several thousand patients about the theft of an unencrypted laptop.
See Also: The Global State of Online Digital Trust
Paper Records Removed from Hospital
Broward Health Medical Center in Fort Lauderdale, Fla., is notifying 960 patients about a breach after a former employee inappropriately removed registration face sheets from the hospital.
Information contained on the face sheets includes patient name, address, date of birth, insurance policy numbers, and reason for visit, according to a notice on the hospital's website. In the instances where health plans use Social Security numbers as insurance policy numbers, only the last four digits were displayed, the hospital said.
"Broward Health has been cooperating with local and federal law enforcement since June 2013 to investigate the incident, identify those responsible, identify the potentially affected individuals and information, and to take steps to reduce the risk to patient information security," the hospital said.
Impacted individuals include those who visited Broward Health Medical Center between October and December in 2012.
Clinic Reports Laptop Theft
Seton McCarthy Community Health Center in Austin, Texas, is notifying 5,500 patients about the theft of an unencrypted laptop.
After discovering the laptop was stolen Oct. 4, the clinic notified local police, according to a statement posted to the healthcare clinic's website.
The laptop contained patients' names, addresses, phone numbers, dates of birth, medical record numbers, patient account numbers, some Social Security numbers, diagnosis information, immunization records and insurance information, the statement said.
The clinic is providing impacted patients one year of free identity theft protection services. It has set up a frequently asked questions page.
Prisoner Information Exposed in E-Mail Mishap
The UK Information Commissioner's Office has fined the Ministry of Justice Â£140,000 after information on 1,182 inmates at the HMP Cardiff prison was e-mailed to three of the inmates' families.
HMP Cardiff is located in the Adamsdown area of Cardiff, Wales.
One of the recipients contacted the prison on Aug. 2, 2011, to report that they had received an e-mail from the prison clerk regarding an upcoming visit, according to the ICO. The e-mail included a file containing information on the 1,182 inmates, such as names, ethnicity, addresses, sentence length, release dates and coded details of the offenses.
The same error occurred on two previous occasions, the ICO said. Police and a member of the prison staff went to the recipients' homes to ensure that the files had been deleted.
An investigation by the ICO found that there was a lack of management oversight at the prison. There was also a lack of audit trails which meant the disclosures would have gone unnoticed, the ICO said.
"The potential damage and distress that could have been caused by this serious data breach is obvious," said David Smith, deputy commissioner and director of data protection at the ICO. "Disclosing this information not only had the potential to put the prisoners at risk, but also risked the welfare of their families through the release of their home addresses."