Data Breaches

Breach Subtotal

Breach Type: CARD, HACK, INSD, PHYS, PORT, STAT, DISC, UNKN
Organization Type: BSF, BSO, BSR, EDU, GOV, MED, NGO, UNKN
Year(s) of Breach: 2018
Company or Organization: all
Date Made Public:
February 2, 2018
Company: Ron's Pharmacy Services
Location: , California
Type of breach:
HACK
Type of organization:
MED
Records Breached:
6,781

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 2, 2018
Company: Triple-S Advantage, Inc.
Location:
Type of breach:
DISC
Type of organization:
MED
Records Breached:
36,305

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 2, 2018
Company: Doral Corporation
Location: Milwaukee, Wisconsin
Type of breach:
HACK
Type of organization:
BSF
Records Breached:
335

The Doral Corporation experienced a phishing attack that resulted in the exposure of 335 records. Exposed records included social security numbers in combination with first and last names.

Information Source:
Security Breach Letter
Date Made Public:
February 2, 2018
Company: Make-up Designory
Location: Valencia, California
Type of breach:
DISC
Type of organization:
EDU
Records Breached:
670

According to the data breach notification form sent to the Indiana Office of Attorney General, "Each January our client is required to send a tax document (1098-T Statement) to students and graduates. The information for this form i s gathered by Its accounting office and securely transferred to a certified public accounting firm. The accounting firm works with a financial communications service provider that specializes in creating and mailing these and similar type tax forms to be sent by US mall. This year was no different, except an error occurred In the preparation of the mailing that cause three individual ta~documents to be placed In one envelope, As a result, some students received their own 1098-T Statements and Statements fur two other students. We are contacting all students affected by this Incident to notify them of the unintentional disclosure and requesting the return of all 1098-T Statements that were mailed in error. We will follow-up with such students to confirm that the Statements are returned to the school and/or destroyed."

Information Source:
Security Breach Letter
Date Made Public:
February 1, 2018
Company: Steven Yang, D.D.S., Inc.
Location: Reseda, California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1

What Happened On the morning of January 6, 2018,  dental office was burglarized and two laptops were stolen. Once discovered, the matter was immediately reported to the Los Angeles Police Department and an internal investigation was started to determine what, if any, health information may have been stored on those devices.

What Information Was Involved An investigation has determined that files contained on those devices may have included names, addresses, social security numbers, health insurance numbers and other information regarding California citizens' dental care. To date, they have been unable to locate the stolen devices. 

Information Source:
Security Breach Letter
Date Made Public:
February 1, 2018
Company: Forrest General Hospital
Location: , Mississippi
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,670

Location of breached information: Email

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
February 1, 2018
Company: Coastal Cape Fear Eye Associates, P.A.
Location: , North Carolina
Type of breach:
HACK
Type of organization:
MED
Records Breached:
925

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
February 1, 2018
Company: Remote DBA Experts, LLC
Location: Warrendale, Pennsylvania
Type of breach:
DISC
Type of organization:
NGO
Records Breached:
281

Remote DBA Experts, LLC experienced a phishing attack that resulted in the exposure of 281 records.  According  to the breach notification letter they provided to the Indiana Office of Attorney General, "On January 17, 2018, an unauthorized individual impersonating an RDX executive emailed an RDXemployee  to request 2017 W-2 infonnation for our employees. Before we determined that the request wasfraudulent, the employee provided the data to the unauthorized third party. The data included your first name,last name, mailing address, Social Security number, and 2017 compensation and deduction information."

Information Source:
Security Breach Letter
Date Made Public:
January 31, 2018
Company: Children's Mercy Hospital
Location: , Missouri
Type of breach:
HACK
Type of organization:
MED
Records Breached:
63,049

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 29, 2018
Company: QuadMed
Location: , Wisconsin
Type of breach:
DISC
Type of organization:
MED
Records Breached:
4,549

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 26, 2018
Company: Steven Yang, D.D.S., INC.
Location: , California
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
3,202

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 26, 2018
Company: Decatur County General Hospital
Location: , Tennessee
Type of breach:
HACK
Type of organization:
MED
Records Breached:
24,000

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 26, 2018
Company: Scoppechio
Location: Louisville, Kentucky
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
204

Scoppachio, an advertising agency, experienced a phishing incident that resulted in the exposure of 204 records.

Information Source:
Security Breach Letter
Date Made Public:
January 25, 2018
Company: Rocky Mountain Women's Health Center, Inc.
Location: , Utah
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,123

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 25, 2018
Company: Zachary E. Adkins, DDS
Location: , New Mexico
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
3,677

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 23, 2018
Company: Central States Southeast and Southwest Areas Health and Welfare Fund
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
634

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 23, 2018
Company: Carite Inc.
Location: Madison Heights, Michigan
Type of breach:
HACK
Type of organization:
BSO
Records Breached:
346

On 1/17 2018 Carite Inc. suffered a breach affecting 346 records, including social security numbers and names. 

Information Source:
Security Breach Letter
Date Made Public:
January 22, 2018
Company: RGH Enterprises, Inc.
Location: , Ohio
Type of breach:
DISC
Type of organization:
MED
Records Breached:
4,586

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 22, 2018
Company: Robert Smith DMD, PC
Location: , Tennessee
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,500

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 22, 2018
Company: Housing Authority of the City of Charlotte
Location: Charlotte, North Carolina
Type of breach:
HACK
Type of organization:
GOV
Records Breached:
341

An email was sent purportedly from the CEO requesting W-2s for 2016 and 2017. The staff member thought it was the CEO and sent the information.

Information Source:
Security Breach Letter
Date Made Public:
January 22, 2018
Company: Netcracker Technology Corporation
Location: Waltham, Massachusetts
Type of breach:
HACK
Type of organization:
BSR
Records Breached:
9

Between approximately January 4, 2018 and January 12, 2018, Netcracker learned that a few of its employees were the target of an e-mail phishing incident. Those employees received an email that appeared to be from Netcracker's payroll provider, Automatic Data Processing (“ADP”). Employees who clicked on a link in the e-mail and entered their ADP login information on the landing page enabled access by the scammer to their ADP account and to view personal information in that account. The account contains employees' personal information, including financial account number, e-mail address and ADP username with password or security question and answer, and Social Security number. The employee's ADP account does not contain driver's license number or state identification card number, any credit or debit card number, or medical or health insurance information.

Information Source:
Security Breach Letter
Date Made Public:
January 19, 2018
Company: Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc.
Location: , Maryland
Type of breach:
HACK
Type of organization:
MED
Records Breached:
5,228

Location of breached information: Desktop Computer, Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2018
Company: The Pediatric Endocrinology and Diabetes Specialists
Location: , Nevada
Type of breach:
HACK
Type of organization:
MED
Records Breached:
1,021

Location of breached information: Desktop Computer, Electronic Medical Record, Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 18, 2018
Company: Gillette Medical Imaging
Location: , Wyoming
Type of breach:
DISC
Type of organization:
MED
Records Breached:
4,476

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
January 17, 2018
Company: Franciscan Health Indianapolis
Location: Indianapolis, Indiana
Type of breach:
DISC
Type of organization:
MED
Records Breached:
2

On 1/6/2018 Franciscan Health Indianpolis suffered a hack that affected 2 records, including names as well as driver's license numbers.

Information Source:
Security Breach Letter
Date Made Public:
January 15, 2018
Company: High Plains Surgical Associates
Location: , Wyoming
Type of breach:
DISC
Type of organization:
MED
Records Breached:
607

Location of breached information: Paper/Films

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
January 12, 2018
Company: Western Washington Medical Group Inc.
Location: , Washington
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
842

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 12, 2018
Company: Pedes Orange County, Inc.
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
917

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 12, 2018
Company: Onco360 and CareMed Specialty Pharmacy
Location: , Kentucky
Type of breach:
HACK
Type of organization:
MED
Records Breached:
53,173

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 9, 2018
Company: Alicia Ann Oswald
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
800

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 8, 2018
Company: Charles River Medical Associates, pc
Location: , Massachusetts
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
9,387

Location of breached information: Other Portable Electronic Device

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 8, 2018
Company: Palomar Health (Palomar Medical Center (Escondido)
Location: , California
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,309

Location of breached information: Electronic Medical Record

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 5, 2018
Company: Agency for Health Care Administration
Location: , Florida
Type of breach:
HACK
Type of organization:
MED
Records Breached:
30,000

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 5, 2018
Company: Oklahoma State University Center for Health Sciences
Location: , Oklahoma
Type of breach:
HACK
Type of organization:
EDU
Records Breached:
279,865

Location of breached information: Network Server

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
January 2, 2018
Company: Penn Medicine
Location: , Pennsylvania
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
1,050

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV