VA Lawsuit Leads Breach RoundupClass Action Suit Tied to Laptop Incident
In this week's breach roundup, a class action lawsuit has been filed against William Jennings Bryan Dorn VA Medical Center in Columbia, S.C., which recently reported a missing laptop. Also, a former employee of a Tennessee mental health facility says she found patient records in the abandoned facility.
Lawsuit Filed in VA Incident
A class action lawsuit has been filed against William Jennings Bryan Dorn VA Medical Center in Columbia, S.C., which recently notified more than 7,400 patients that their personal information may have been compromised as a result of a missing unencrypted laptop [see: Missing Laptop Affects 7,400].
The lawsuit, which seeks unspecified damages, alleges "willful and intentional actions and reckless disregard" for the affected patients' privacy, according to a release from the Mike Kelly Law Group and Columbia attorney Doug Rosinski, who represent the plaintiffs.
"Because the information was not encrypted or otherwise secured, the threat of identity theft, destruction of credit and health insurance fraud is high," the release states.
On Feb. 11, the laptop was reported missing from the hospital's respiratory therapy department, according to the hospital's notification letter. Stored on the laptop was personal information on veterans who had received pulmonary function tests. That includes test results as well as the last four digits of Social Security numbers and certain demographic information, including age, race, weight and, in some cases, birthdates.
The medical center did not immediately respond to a request for comment.
Records Discovered in Abandoned Facility
A former employee of Lakeshore Mental Health Institute in Knoxville, Tenn., says she found patient records on the floor of an abandoned facility, which closed last year.
The records contained Social Security numbers, names, case numbers, and birth dates, according to local NBC affiliate WBIR.
The abandoned building was easily accessible with the front door wide open and windows broken, the former employee said.
Hospice Reports E-Mail Error
An employee at Hope Hospice in New Braunfels, Texas, used unsecure e-mail to transmit a report of recent referral and admission activity for 818 patients.
The employee sent the information to their own e-mail address on Dec. 27, 2012, and Feb. 22 of this year, according to a notice posted to Hope Hospice's website.
Information in the e-mail included patient names, referral source, referral and admission date, name of insurance company, chart number, county and date of discharge.
The hospice is notifying patients of the incident and recommending that they contact their financial institutions and also reach out to credit bureaus to place a fraud alert on their accounts.
"In response to this incident, all staff members have received additional training, and the agency is performing a comprehensive review to further refine its policies and procedures related to patient privacy and security," the notice said. "Steps are also under way to further improve the security of the agency's operations."