Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
South Texas Veterans Health Care System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 21, 2014. Also cited in 50 other reports.
Report ID: PSETS0000099406, U.S. Department of Veterans Affairs
Reported Entity: SOUTH TEXAS VETERANS - 671
Issue:
A GE Stress Test Machine with CPU and Monitor was sold as scrap to an individual. He stated once he was able to get it to work, he had access to a patient list (approximately 163 individuals). The Privacy Officer (PO) will know the exact count once Biomed retrieves the data. The machine has been returned and in Logistics' possession.
Outcome:
01/28/14: The DBCT determined that 143 letters offering credit protection services will be offered. It was sent out without being wiped because of lack of adherence to the media sanitization policy. The person who bought the machine was a vendor. The individual used the default password which had never been changed. The person viewed the information and recognized what it was then returned the device. The DBCT determined that 143 letters offering credit protection services will be sent. 3/17/14: Update, 14 Veterans are deceased, so Next Of Kin Notifications will be sent for those Veterans.