Get in front of physical data breaches and drug diversion risks that threaten your organization with Senseon’s Physical Security Breach Roundup. We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.

In a rare case for healthcare, breaches have dropped significantly this month, plummeting from 2 million people impacted to 883,000 people dealing with newly exposed data. Still, a few incidents stand out.

Housekeeping Error Plagues Minnesota Patients

Minnesota Eye Consultants is fielding calls from concerned patients after finding out that portions of medical records for over 4,000 patients were not properly destroyed. The company said that containers that were storing patient medical records were accidentally dumped into a recycling bin by a new housekeeping service. While the service claims that recyclable material is compacted on-site before it’s transferred, there’s still a possibility that some patient information could be at risk. 

Theft at Gulfport Anesthesia 

While little information is available, reports of a theft from Gulfport Anesthesia Services have emerged. The theft, occurring on March 26, impacted 20,000 people and it appears that others were targeted. 

Mixup of Veteran Records Causes Confusion in West Virginia

Veterans who received treatment at the VA Medical Center in Martinsburg have been left wondering whether their information was disclosed to strangers. Diagnostic lab results, along with imaging results, and appointment scheduling letters were sent to the wrong people on February 13. The issue was discovered 3 days later and is being blamed on Xerox. The VA is in the process of mailing out corrected letters and responding to concerned veterans. 

Hospitals Being Held Responsible

Breach rates might be falling, but we’re seeing more reports of hospitals and health systems having to fork over fat checks to make up for gaps in security.

UCLA is on the hook to pay $7.5 million in a class-action suit from a breach in 2014. They originally thought no records had been compromised, but by May of 2015 found out that hackers had breached PHI. The attack ended up affecting 4.5 million patients. HHS decided that UCLA had followed protocol. So why the suit?

Patients still weren’t satisfied. Their argument is that UCLA Health did not notify them in a timely manner, constituting a  breach of contract and negligence to protect their information.

Meanwhile, in Connecticut, a patient is suing University of Connecticut Health over claims that it didn’t implement reasonable security procedures and protocols. The suit alleges that hackers “had months to access, view, and steal patient data unabated.” The health system is being sued for not recognizing the breach, putting the privacy of patients in jeopardy, and not promptly notifying affected patients.

UConn Health says that it discovered the attack on December 24, but didn’t begin notification of the 326,000 affected patients until February. The New London woman filing the suit says that she has noticed fraudulent bank account activity as a result of the breach.

Nurse Raids Three Nursing Homes

On the drug diversion front, a Wisconsin nurse has been charged with victimizing three nursing homes.

The 36-year-old has been charged with four counts of obtaining a controlled substance by fraud, and two more counts of misdemeanor theft. They all occurred why she was employed by Atrium Health Care. The acts were discovered after another employee went to police and informed them that her name had been forged in a book that keeps track of narcotic counts — oxycodone had been signed out with conflicting signatures 11 times. The offending nurse was identified and confessed to taking Vicodin, Oxycodone, and Lorazepam.

Want to learn more about what you can do to prevent security breaches with cabinet-level access control? Contact us today!