In July, Las Vegas-based Western Regional Center for Brain & Spine Surgery (WRCBSS) began notifying patients that their personal information – including Social Security numbers – might have been stolen by a former employee and used for fraudulent purposes.
How many victims? 12,000, according to HHS.gov.
What type of personal information? Names, addresses, dates of birth, Social Security numbers and WRCBSS patient billing account numbers.
What happened? A former employee allegedly stole patient data and used it for fraudulent purposes, and is now the subject of a law enforcement investigation.
What was the response? WRCBSS is reviewing its internal policies and procedures, as well as its technology safeguards. All impacted individuals are being notified.
Details: WRCBSS was notified by law enforcement on May 13 of a breach of information related to its billing files. The former employee who is the subject of the investigation worked for WRCBSS in 2011 and 2012. HHS.gov lists the breach as having occurred from Nov. 28, 2011, to June 29, 2012.
Quote: “Presently, we are unable to identify the specific patients whose personal health information was actually stolen nor do we know which of those patients whose information was stolen was also used for fraudulent activities,” Robin Hasty, office administrator for WRCBSS, wrote in the notification to patients. “We are therefore notifying all patients whose personal information was in our billing system at the time of the breach.”
Source: wrcbss.com, “An Important Notification Concerning Data Breach of Certain Patient Information,” July 9, 2014.