Business associate breach affected Greenville Health System patients - Ambucor Health Solutions / Carolina Cardiology Consultants

[swidup]

https://www.databreaches.net/business-associate-breach-affected-greenville-health-system-patients/

[swidup]

http://www.hipaajournal.com/ambucor-health-solutions-breach-greenville-health-system-3666/

[swidup]

http://www.healthdatamanagement.com/news/flash-drive-misuse-creates-a-breach-for-greenville-health

[swidup]

Wentworth-Douglass Hospital was also a victim of this breach. http://healthitsecurity.com/news/physical-therapy-facility-reports-data-security-incident

Note, this article contains multiple incidents. The others are being handled in other issues, and can be ignored.

"Business associate breach affects Delaware facility

A previously reported breach stemming from a remote-monitoring labor service for cardiac devices has reportedly affected another healthcare provider.

Wentworth-Douglass Hospital (WDH) had been working with Ambucor Health Solutions, which recently discovered that thumb drives recovered from one of its former employees contained personal information of thousands of patients nationwide. The drives contained information on 775 WDH patients, according to a Fosters.com article.

While the data did not include Social Security numbers, credit card, insurance, Medicaid/Medicare or other financial information, some personal data may have been exposed.

This includes patients’ names, dates of birth, home addresses, phone numbers, medications, race, testing data, patient identification numbers, medical device information such as the manufacturer, diagnosis, Ambucor enrollment numbers, Ambucor enrollment dates, Ambucor technician names, physician name(s), and the name and address of the practice where the patient was seen.

There is no indication that the data has been misused, but Ambucor has offered affected patients one year of identity protection services. Furthermore, Ambucor will also offer any necessary related recovery services and $1 million of identity theft insurance.

In the original breach, Ambucor had an employee who downloaded GHS information not long before his employment at Ambucor ended. The business associate was given two flash drives in July from law enforcement, which had been turned in when the employee left. Upon learning that information had been downloaded, Ambucor started to notify those potentially affected."

[swidup]

Also Berkshire Medical Center http://www.berkshireeagle.com/stories/hundreds-of-bmc-patients-info-found-on-vendors-thumb-drives,490304

[swidup]

Also Stony Brook Internists, University Faculty Practice Corporation (UFPC) http://healthitsecurity.com/news/unencrypted-flash-drive-lost-privacy-incident-for-2k

[swidup]

Main Line HealthCare https://www.mainlinehealth.org/news/2016/11/11/ambucor-health-solutions-a-main-line-healthcare-vendor-subject-of-patient-information-breach

https://www.abqjournal.com/895989/heart-institute-reports-privacy-breach.html The New Mexico Heart Institute