All-Star Orthopaedics and Dermacare Brickell Data Breaches Impact 77,800 Patients

All-Star Orthopaedics has notified patients of Las Colinas Orthopedic Surgery & Sports Medicine in Irving, TX to alert them to the potential theft of some of their protected health information (PHI)/ The PHI was stored on a hard drive that has been discovered to have been stolen.

X-ray and other diagnostic images relating to 76,000 patients were stored on the hard drive along with patients’ names and birth dates. Although the hard drive was unencrypted, in order for the images to be accessed, specialist software would be required. The image files would need to be opened to allow patients’ names and birth dates to be viewed.

The theft took place on November 20, 2018 and the incident was reported to the Department of Health and Human Services’ Office for Civil Rights on January 18, 2019. All-Star Orthopaedics has already sent breach notification letters to all patients affected by the incident.

All-Star Orthopaedics has now implemented new security standards to avert another breach of patients PHI. Encryption of all portable hard drives will now be required before transport.

Dermacare Brickell in Miami has also recently reported a data breach. The medical practice discovered on November 20, 2018 that some paperwork was missing from a storage facility. The documents contained the PHI of about 1,800 patients.

The paperwork was taken out of a secured storage unit at The Vue Condominium, near its office. The files belonged to patients who received healthcare services at Dermacare Brickell from 2010 to 2013.

The medical practice found out that the boxes of files were removed and discarded in a condominium association dumpster. The individual responsible explained that he didn’t look at any of the documents in the boxes and was not aware that they contained patient records.

The improper disposal of paperwork was reported to the Miami Police Department and the Department of Health and Human Services’ Office for Civil Rights has been notified. Patients have been sent breach notifications about the exposure of their PHI. No evidence has been uncovered to indicate there has been any misuse of information in the files.

No financial information or Social Security numbers were included in the files. Only patients’ names, dates of birth, practice treatment notes and past medical histories of the patients.

All patient records will now be kept in a designated place inside Dermacare Brickell’s offices. The practice is currently switching to electronic medical records. Once the process is complete, all paper copies of patient records will be shredded and disposed of securely.