Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Rocky Mountain Network (VISN 19)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 3, 2012. Also cited in 133 other reports.
Report ID: SPE000000073618, U.S. Department of Veterans Affairs
Reported Entity: VISN 19 Fort Harrison, MT
Issue:
A box of patient records was found unsecured in an unused outbuilding on the medical center campus. Update: 04/03/12: The Privacy Officer (PO) is determining the exact number of records, and where they might have come from. 04/11/12: The Data Breach Core Team determined that the 392 individuals whose records were out of VA control in the out building will be sent letters offering credit protection services due to full name and full SSN being exposed. 04/12/12: All address information was reviewed and updated to reflect the most current address in VISTA. The number of Veterans went down from 392 to 385 as more duplicate records were identified. Additionally, 8 Veterans are no longer in VISTA. The PO spoke with the Enrollment Coordinator and was told in the 1990s that if Veterans were not being seen, they were deleted from the system, necessitating re-enrollment. The number of affected Veterans who can be located is 379. 04/13/12: The spreadsheet has been completed. There are 211 Veterans who are living who will receive letters offering credit protection services and 168 who are deceased whose next of kin (NOK) will receive NOK notification letters. The PO is unable to determine how the documents came to be in the outbuilding.
Outcome:
The Information Security Officer (ISO) interviewed the Veteran who found these records and with his provider. The Veteran first discovered them on 04/02/12 after hours, but waited until lunch time the next day to report them to his provider. He went through some of the records and stated that they looked weather-beaten. He does not believe anyone went there between the time he found them and when he and his provider saw them. Upon the provider's return to the office, she immediately contacted the ISO. The ISO discovered that the structure has been there at least 14 years. There is no evidence of people going in and out recently.