Healthcare Information Security

Latest Health Data Breaches News

Stolen Laptop Leads to Possible Health Data Breach in CO

Recent cases of possible health data breaches include a stolen laptop, patient data being found in an individual’s home, and a vendor inappropriately downloading information.

By Elizabeth Snell

MGA Home Healthcare Colorado, Inc. is notifying 3,119 patients and some employees that their information may have been compromised after a laptop was stolen from an employee’s locked vehicle.

Potential health data breach stems from stolen laptop in Colorado

The incident reportedly took place sometime between August 19, 2016 and August 20, 2016, with MGA making the discovery on August 20. Law enforcement was notified and MGA said that it “has been conducting a thorough review of the potentially affected records to confirm what information was exposed.”

In an online statement, MGA said that the laptop may have contained names, addresses and other demographic information. For patients specifically, information about MGA-provided healthcare services may have also been exposed. Furthermore, approximately 32 patients had their Social Security number or driver’s license number included in the laptop.

“MGA has no evidence that the information on the laptop has been accessed or used,” MGA maintained. “As a precaution, MGA is offering identity theft protection services to affected individuals. MGA is committed to the privacy of its patients’ and employees’ information and regrets any concerns or inconveniences that this incident may have caused.”

Broward Health reports data breach affecting 126 patients

Florida-based Broward Health recently announced that it became aware of a health data breach that potentially affects 126 former patients.

Law enforcement authorities notified Broward on May 12, 2016 that certain patient information was discovered in an individual’s home during a routine investigation.

“The data removal is believed to have occurred between November 2011 and March 2012,” Broward explained. “We have notified 126 former patients or their listed next of kin of the privacy breach by mailing a letter to their last known address on September 23, 2016.”

An unauthorized individual reportedly removed registration Facesheets from Broward Health Imperial Point without authorization. These Facesheets may have contained full names, dates of birth, addresses, phone numbers, Social Security numbers, primary insurance providers, insurance guarantors, reasons for visit, employers, emergency contact/next of kin, and their addresses and phone numbers. Broward added that test results and other medical information rae not included on Facesheets.

Patients who may be affected visited Broward Health Imperial Point between November 2011 and March 2012, according to the statement.

In response to the incident, Broward said that it “is re-educating staff members and strengthening procedures surrounding the protection of our patients’ personal information.”

Broward Health Senior Vice President and CIO told the Florida Bulldog that the breach was the latest such incident in a series of data thefts at Florida hospitals, including Fort Lauderdale’s Holy Cross, Hollywood’s Memorial Regional and the University of Florida’s Shands Hospital in Gainesville.

Peek added that a known identity theft ring has paid hospital registrars to give them copies of Facesheets.

S.C. health system reports vendor inappropriately downloaded data

Greenville Health System (GHS) in South Carolina recently reported that one of its vendors had inappropriately downloaded patient data, potentially affecting 2,500 patients.

GHS had been working with Ambucor Health Solutions, which is a remote-monitoring labor service for cardiac devices. Ambucor reportedly had an employee who downloaded GHS information not long before his employment at Ambucor ended, according to a WSPA report.

Ambucor was given two flash drives in July from law enforcement, which had been turned in when the employee left. Ambucor began to notify patients once it learned that data had been downloaded.

Potentially affected information may include the patient’s name, date of birth, home address, phone number, race, diagnosis, medications, testing data, patient identification number, medical device information (such as the manufacturer, identification number and model/serial numbers), Ambucor enrollment number, Ambucor enrollment date, Ambucor technician name, physician name(s) and the name and address of the practice where the patient was seen.

“GHS and Carolina Cardiology Consultants take patient privacy seriously and deeply regret any inconvenience or concern this incident may cause our patients,” Dr. Joseph Manfredi, ambulatory director of electrophysiology, told the news source.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks