Threatwatch

Ex-employee cribbed surgery center billing information

Insider attack; Stolen credentials; Unauthorized use of employer’s data

As-yet unknown patients had their personal information stolen by a former worker at the Western Regional Center for Brain & Spine Surgery in Nevada.

The data might have been used to commit fraud. The information was taken from the center’s billing files.

“Presently, we are unable to identify the specific patients whose personal health information was actually stolen nor do we know which of those patients whose information was stolen was also used for fraudulent activities,” Robin Hasty, office administrator for WRCBSS, wrote in an warning to patients. “We are therefore notifying all patients whose personal information was in our billing system at the time of the breach.”

The former employee is now the subject of a law enforcement investigation. Authorities informed the center of the breach in May. Patients were notified in July.

The data included Social Security numbers, names, dates of birth and patient billing account numbers.  

sector

Healthcare and Public Health

reported

August 6, 2014

reported by

SC Magazine

number affected

12,000 patients

location of breach

Nevada, United States

perpetrators

Employee

location of perpetrators

Nevada, United States

date breach occurred

from Nov. 28, 2011 to June 29, 2012

date breach detected

May 13, 2014