VA Lawsuit Leads Breach Roundup

Class Action Suit Tied to Laptop Incident
VA Lawsuit Leads Breach Roundup

In this week's breach roundup, a class action lawsuit has been filed against William Jennings Bryan Dorn VA Medical Center in Columbia, S.C., which recently reported a missing laptop. Also, a former employee of a Tennessee mental health facility says she found patient records in the abandoned facility.

See Also: Are You APT-Ready? The Role of Breach and Attack Simulation

Lawsuit Filed in VA Incident

A class action lawsuit has been filed against William Jennings Bryan Dorn VA Medical Center in Columbia, S.C., which recently notified more than 7,400 patients that their personal information may have been compromised as a result of a missing unencrypted laptop [see: Missing Laptop Affects 7,400].

The lawsuit, which seeks unspecified damages, alleges "willful and intentional actions and reckless disregard" for the affected patients' privacy, according to a release from the Mike Kelly Law Group and Columbia attorney Doug Rosinski, who represent the plaintiffs.

"Because the information was not encrypted or otherwise secured, the threat of identity theft, destruction of credit and health insurance fraud is high," the release states.

On Feb. 11, the laptop was reported missing from the hospital's respiratory therapy department, according to the hospital's notification letter. Stored on the laptop was personal information on veterans who had received pulmonary function tests. That includes test results as well as the last four digits of Social Security numbers and certain demographic information, including age, race, weight and, in some cases, birthdates.

The medical center did not immediately respond to a request for comment.

Records Discovered in Abandoned Facility

A former employee of Lakeshore Mental Health Institute in Knoxville, Tenn., says she found patient records on the floor of an abandoned facility, which closed last year.

The records contained Social Security numbers, names, case numbers, and birth dates, according to local NBC affiliate WBIR.

The abandoned building was easily accessible with the front door wide open and windows broken, the former employee said.

Hospice Reports E-Mail Error

An employee at Hope Hospice in New Braunfels, Texas, used unsecure e-mail to transmit a report of recent referral and admission activity for 818 patients.

The employee sent the information to their own e-mail address on Dec. 27, 2012, and Feb. 22 of this year, according to a notice posted to Hope Hospice's website.

Information in the e-mail included patient names, referral source, referral and admission date, name of insurance company, chart number, county and date of discharge.

The hospice is notifying patients of the incident and recommending that they contact their financial institutions and also reach out to credit bureaus to place a fraud alert on their accounts.

"In response to this incident, all staff members have received additional training, and the agency is performing a comprehensive review to further refine its policies and procedures related to patient privacy and security," the notice said. "Steps are also under way to further improve the security of the agency's operations."


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.