18 Million Social Security Numbers Stolen in Undisclosed Gov. Data Breach
Wednesday, June 24, 2015
FindTheBest & GoLocalProv News Team
The data breach that happened earlier this year was revealed to be two separate breaches, the second of which went undisclosed. Officials cite that up to 18 million social security numbers were stolen.
GoLocalProv has teamed up with FindTheBest to highlight the 10 largest government data breaches.
Related Slideshow: Health Data Security Breaches Reported in RI Since 2010
The following are health data breach reports from Rhode Island as listed on the Department of Health and Human Services Office of Civil Rights website.
As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. These breaches are now posted in a new, more accessible format that allows users to search and sort the posted breaches. Additionally, this new format includes brief summaries of the breach cases that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured protected health information to the Secretary.
On January 5, 2010, BCBSRI was notified that a 16 page report pertaining to Brown University's health plan was impermissibly disclosed to two other BCBSRI agents. The reports contained the PHI of approximately 528 individuals. The PHI involved: first and last names, dates of service, cost of medical care provided, and member identification numbers. Following the breach, BCBSRI recovered the reports, received written assurances that any electronic copies of the reports were deleted, notified affected individuals of the breach, implemented new procedure for all outgoing correspondence, and is in the process of auditing all affected member's claim history to ensure no fraud.
"This involved the theft of a pharmacy log book from one of our stores in Columbia, South Carolina back in October 2012. We submitted a report to the OCR in compliance with their reporting requirements. The information in the log book stolen from our Columbia, SC store did not contain any medication, credit card, debit card or bank account information," said CVS Director of Public Relations Mike DeAngelis. "At the time, we sent a notice to patients in Columbia whose information was contained in the log book about the theft. There were no fines associated with this theft. CVS has since moved to an electronic verification system in our pharmacies and we no longer use a paper log book."
The Kent Center in Rhode Island reported that paper records of 1,361 patients were stolen in July. In a notification linked from the homepage of their web site, they write, in part:
On July 13, 2010, a briefcase was stolen from the car of one of our clinicians. Documents in the briefcase included client names, dates of birth, and for some clients involved in the court system, limited clinical information. This did not affect all of the clients we have ever treated and the individuals it did affect have been sent written notifications. We learned about this incident the same day and it has been reported to the Providence Police Department. The briefcase resembled a laptop carrying case and we have no reason to believe the documents in the briefcase were the target of the theft. Other items in the car were stolen and the police informed our employee that there were several car break-ins on the same night in the area.
No financial information, such as social security numbers, addresses, insurance information, guarantor information, credit or debit card information or bank account numbers were included in the documents contained in the briefcase.
On Feb. 8, 2013, Rite Aid Store No. 10217 located at 236 County Rd. in Barrington, RI, determined that a few boxes containing prescription records were found to be missing during a review of the stores’ records. An exhaustive search of the store was conducted and an investigation was completed to determine what happened to the records, but despite our efforts, the boxes could not be found.
It is important to note that the hard copy prescriptions missing from Rite Aid Store No. 10217 do not contain any credit card numbers or social security numbers. There is no evidence to support that any customer information has been misused. As a precaution, the company has engaged the world’s leading risk consulting company Kroll Inc., to alert impacted customers via a letter of notification and share with them the proactive measures it has taken to guard against identity theft. Customers who did not receive a notification letter were likely not affected. No files from any other Rite Aid store were involved.
A covered entity (CE) donated a file cabinet containing the protected health information (PHI) of 12,000 individuals before cleaning it out. The PHI included member's names, addresses, telephone numbers, social security numbers, and Medicare identification numbers. The covered entity (CE) provided breach notification to HHS, the affected individuals, and media, and offered all affected individuals free credit monitoring for a period of one year. Following the breach, the CE sanctioned the employees involved in the incident and held a mandatory training regarding the HIPAA Privacy and Security Rule for all departments involved in the breach. The CE also revised the policy for office moves. OCR obtained assurances that the CE implemented the corrective action listed above.
Women & Infants Hospital announced that on September 13, 2012, the hospital discovered that unencrypted backup tapes containing ultrasound images from two of its ambulatory sites located at 79 Plain Street in Providence, RI and 67 Brigham Street in New Bedford, MA were missing. The hospital immediately began an investigation and conducted a thorough search of its facilities but has been unable to locate the backup tapes.
The backup tapes contained ultrasound studies dating from 1993 to 1997 in Providence and from 2002 to 2007 in New Bedford and included patient names, dates of birth, dates of exam, physicians’ names, patient ultrasound images, and, in some instances, Social Security numbers.
.png)
_80_80_c1.png)
