The Wackiest HIPAA Data Breaches of 2013

David Vogel

The following is a guest post by David Vogel, blogger for Layered Tech.

2013 was a historic year for HIPAA violations, with more than 5.7 million patients affected and the second-largest breach ever reported in the U.S. Department of Health & Human Services online database.

The year also featured some of the strangest violations ever seen, including some incredible security whiffs, business associate failures, and criminal shenanigans. Let’s dive into the top five “funny if they weren’t true” data breaches of the past year:

News Crew Goes Dumpster Diving for Patient Records
When an Indianapolis parishioner stumbled across medical records in a recycling dumpster on church property, an investigative reporter from the local NBC affiliate jumped in, literally. What the reporter found were thousands of patient records containing medical history, Social Security numbers, credit card info and other data.

Upon investigation, the dumped records were tied back to the Comfort Dental offices in Marion and Kokomo, Indiana, which closed after the dentist who ran the offices lost his medical license due to fraudulent billing.

You can’t make this sort of thing up.

To add further intrigue, before calling in the Feds, the news crew loaded up the boxes of records and stored them at the studio. According to the reporter, their past experiences with finding private health information taught them the “way to best protect this info and to get action is to do exactly what we did.”

The files have since been handed over to officials, who have determined that 5,388 people were affected.

Indiana news reporter Bob Segall investigates patient records dumped in church recycling bin. Courtesy: WTHR-TV

Miniaturized Medical Data Float Around Fort Worth
In May of 2013, Fort Worth residents found sheets of microfiche from the ’80s and ’90s in a park and other public areas in Fort Worth. The sheets, which contained miniaturized medical records from Texas Health Fort Worth, had been destined for destruction but were apparently lost by the business associate (BA) contracted to shred them.

The bad news for the 277,014 patients potentially affected? The microfiche sheets likely contained Social Security numbers among the medical records. The slight glimmer of hope? Microfiche format and readers have become very rare, lessening the chance of the records being recognized and misused.

Example microfiche sheet via Wikimedia

X-Rays Worth Their Weight in Silver
When Raleigh Orthopaedic Clinic hired a contractor to transfer x-ray films to digital images, they ended up on the wrong side of a nefarious scam. In March, the clinic discovered that their contractor instead sold the films to a recycling company to be scrapped for their silver, leaving the clinic with no digital version of the x-rays, no validation of their destruction, and the 6th-largest HIPAA breach of 2013 (17,300 patients affected).

No Privacy for Kim Kardashian and Baby North West
When celebrities Kim Kardashian and Kanye West checked into L.A.’s Cedars-Sinai Medical …