Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
April 1, 2019
Company: Myriad Genetic Laboratories, Inc.
Location: , Utah
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,719

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
March 29, 2014
Company: Myriad Genetic Laboratories, Inc.
Location: , Utah
Type of breach:
DISC
Type of organization:
MED
Records Breached:
643

An employee of the covered entity (CE), Myriad Genetic Laboratories, Inc., emailed unsecured protected health information (PHI) to his personal email account as a means of storing the information he used to carry out his job functions. The PHI of the affected 643 individuals included patients’ names, dates of birth, addresses, physicians’ name, genetic test results, test identification numbers, family and personal medical histories, and family pedigree information. The CE provided breach notification to HHS and affected individuals and also posted substitute notice of the breach. It also provided one year of free identify theft protection services to affected individuals. Following the breach, the CE revised its procedures for encrypting emails containing PHI and retrained the employee who had caused the breach. OCR provided technical assistance regarding the risk analysis and risk management requirements of the Security Rule.

Location of breached information: Email

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV