TRENDING:

Breach Tied to Recycling Bin

S.C. state employee failed to shred documents Howard Anderson (ismg_editor) • April 26, 2010    
Breach Tied to Recycling Bin
The South Carolina Department of Health and Environmental Control is wrapping up notification of nearly 3,000 individuals about a breach stemming from documents that were improperly discarded in a recycling bin behind the department's headquarters rather than shredded.

After someone turned in the documents discovered in the recycling container, the department conducted an investigation, which led to the firing of an employee who admitted placing the documents in the bin instead of taking them to a shredding facility, says Earl Hunter, department commissioner.

State officials do not believe any information in the documents has been used for criminal purposes, and no charges have been filed against the fired employee. "We've notified the three national credit reporting agencies and the South Carolina Department of Consumer Affairs about the incident," Hunter says.

The department also notified the media and the Department of Health and Human Services as required under the HITECH Act's breach notification rule.

The South Carolina agency reports that documents mistakenly disposed of in the recycling container included information submitted by healthcare providers to have patients participate in three screening programs. The documents, mainly submitted between Jan. 8 and Feb. 17, 2010, contained a variety of information, depending on the screening program, but may have included names, addresses, telephone numbers, dates of birth, Social Security numbers, income levels and brief medical histories and other health information.

"We've notified 1,824 individuals whose information was returned to the agency from the recycling container," says Earl Hunter, department commissioner.

"We've also notified 1,026 individuals whose information was submitted to use for processing in these programs during this time period, even though the documents returned to us did not include information about these individuals. Since we can't be certain that all of the documents have been recovered, it is possible that information about these individuals might also have been improperly placed in the recycling container."

The department is now attempting to identify mailing addresses for a small number of individuals involved, Hunter says. In letters it has already sent, it advised affected individuals to check their credit reports and contact national credit reporting agencies to take steps to protect their identity.

Previous
Emory's Dee Cantrell on Thin Clients
Next
John Glaser: Why Encryption Is a Priority

About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

Analysis: Why Regulators Got Tough With H&M
Analysis: Why Regulators Got Tough With H&M
Panel Discussion: Securing Digital Payments
Panel Discussion: Securing Digital Payments
As Telehealth Use Grows, So Do Security Concerns
As Telehealth Use Grows, So Do Security Concerns
Building a Ransomware Incident Response Plan
Building a Ransomware Incident Response Plan
Analysis: Ransomware Dominates the Cybercrime Landscape
Analysis: Ransomware Dominates the Cybercrime Landscape
Analysis: The Significance of Russian Hackers' Indictment
Analysis: The Significance of Russian Hackers' Indictment
The IRS Takes on Cryptocurrency-Funded Terrorists
The IRS Takes on Cryptocurrency-Funded Terrorists
Roger Severino, Lead HIPAA Enforcer, on Fighting Hackers
Roger Severino, Lead HIPAA Enforcer, on Fighting Hackers
Why Digital Identity Is Gaining Momentum
Why Digital Identity Is Gaining Momentum
Supply Chain Risk Management: Areas of Concern
Supply Chain Risk Management: Areas of Concern

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.