Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
August 2, 2019
Company: Mount Sinai Hospital
Location: , New York
Type of breach:
HACK
Type of organization:
MED
Records Breached:
33,730

Location of breached information: Other

Business associate present: Yes

Information Source:
US Department of Health and Human Services
Date Made Public:
May 31, 2012
Company: Mount Sinai Hospital
Location: Miami Beach, Florida
Type of breach:
INSD
Type of organization:
MED
Records Breached:
340

Eleven computer screen printouts of personal information and seven credit cards of Mount Sinai patients were found in a vehicle that was searched after a motorist was stopped for reckless driving.  An employee of Mount Sinai was linked to patient personal information that was found during the traffic stop. She was arrested and accused of accessing and printing the names, Social Security numbers, and dates of birth of 340 patients for identity theft purposes.

Information Source:
PHIPrivacy.net
Date Made Public:
July 8, 2011
Company: The Mount Sinai Hospital
Location: , New York
Type of breach:
PHYS
Type of organization:
MED
Records Breached:
712

Two unencrypted laptop computers containing the electronic protected health information (ePHI) of 712 individuals were stolen from the covered entity's (CE) office. The ePHI included names, dates of birth, social security numbers, diagnostic reports, and demographic information. Upon discovery of the breach, the CE filed a police report to recover the stolen items. As a result of OCR's investigation, the CE improved physical security by installing an exit alarm lock and surveillance camera, and implementing a policy and procedure requiring managers to monitor inappropriate use of the facility's rear exit. The CE also inventoried its ePHI systems and adopted and implemented policies and procedures for workstation security, encryption, security awareness and training, electronic devices, and media controls.

Location of breached information: Laptop

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV