Consumers for Affordable Health Care purchases statewide personal hospital discharge data from at least ME [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Adult Industry Medical Healthcare Foundation (AIM Medical Associates P.C.) had a data breach in 2011, in California. Over 12,000 current and former adult film performers had their names, home addresses and other personally identifying information posted on the internet. It appears that information from people who tested for HIV and other sexually transmitted diseases at the Adult Industry Medical Healthcare Foundation (AIM) was obtained somehow and misused.UPDATE(5/3/2011):A privacy lawsuit and other troubles caused AIM Healthcare to shut down and file for bankruptcy.UPDATE (7/26/2011): The website that contained the personal and medical information of porn actors, PornWikiLeaks, was forced to shut down after being targeted by hackers. [source].

Environmental Health Coalition purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Alaskan AIDS Assistance Association (Four As) had a data breach in 2010, in Alaska. A data storage device containing client names and contact information was stolen from Four As executive directors car. Some clients had their Social Security numbers on the device. [source].

Mid-City Comm. Advocacy Network purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

American Ex-Prisoners of War had a data breach in 2007, in Texas. Personal records including addresses and Social Security numbers of more than 35,000 veterans and their families were stolen this month from the offices of a POW support organization in Texas. Digital and paper records included information on the groups entire membership, including addresses, dates of birth, Social Security numbers and VA claims data. (35,000 records involved) [source].

National Health Foundation purchases statewide personal hospital discharge data from at least CA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Booker T. Washington Community Center had a data breach in 2007, in New York. A laptop computer with personal information of individuals who applied for Family Health plus or Child Health Plus state health insurance program benefits was recovered when a woman tried to sell it at a pawn shop. [source].

Niagara Health Quality Coalition purchases statewide personal hospital discharge data from at least CA WA [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Catholic Social Services had a data breach in 2011, in . The February 1 theft of a contractors laptop may have exposed client personal and health information. The laptop was stolen from the car of an out of state contractor working for the Pregnancy Support and Adoption Services program. It contained personal information that included names, addresses, phone numbers, email addresses, dates of birth, drivers license information, health information, family histories, financial statuses and recommendation for readiness to adopt. Individuals who requested a home study in order to adopt a child between 2008 and 2010 were among those affected. [source].

Psch, Inc purchases statewide personal hospital discharge data from at least NY [source]. See more information about the fields of data shared, an example of matching real names to the records in statewide discharge data, and which states use standards less than the HIPAA standard.

Child and Family Services of New Hampshire had a data breach in 2013, in New Hampshire. Someone took 23 files from a secure area in the Child and Family Services of New Hampshire main office sometime between March 15 and March 18. The breach was discovered on March 19. The files contained client names, dates of birth, addresses, Medicaid numbers, notes from home visits, and other health information related to home visits. [source].

Courage to Change had a data breach in 2010, in Texas. The owner of the business used patient Medicaid information to fraudulently claim $968,583 from Medicaid between January of 2003 and September of 2006. [source]

Family Intervention Services had a data breach in 2013, in Georgia. A caller contacted a local news team member and an investigation of mishandled medical documents began. The documents were in an unlocked dumpster and contained Social Security numbers, bank account information, addresses, dates of birth, and health information. The documents were associated with Family Intervention Services and an unnamed orthopedic office. [source]

Family Planning Council had a data breach in 2011, in Pennsylvania. A flashdrive was discovered missing from an office on December 28, 2010. It and other items that did not contain patient personal information are presumed to have been stolen by a former employee who left at the end of December. The former employee has an extensive criminal background and was arrested on February 9. Authorities involved in the criminal investigation requested that notification of the breach be delayed due to the investigation. The flash drive contained the personal and medical records of about 70,000 patients. Patient names, Social Security numbers, addresses, phone numbers, dates of birth and other information, including insurance information and medical information was exposed. As a result of the breach, The Family Planning Council will no longer allow unencrypted information to be stored on removable hardware. [source]

Franciscan Health Indianapolis had a data breach in 2018, in Indiana. On 1/6/2018 Franciscan Health Indianpolis suffered a hack that affected 2 records, including names as well as driver's license numbers. [source]

Healing Hearts had a data breach in 2013, in North Carolina. The owner of a group of childcare services pleaded guilty to defrauding Medicaid of $8 million. She and a co-defendant targeted medicaid recipients in order to enroll them in a program and make fraudulent Medicaid claims for mental and behavioral health services. Additionally, the owner pleaded guilty to misusing at least one therapists credentials in order to make the claims for mental and behavioral health services. The scheme took place between 2008 and 2012. [source]

Helping Homeless Veterans and Families Hoosier Veterans Foundation had a data breach in 2008, in Indiana. Hundreds of files containing medical histories and Social Security numbers were found in the trash on Indianapolis east side. The records belong to homeless veterans. A lot of the things inside the folders are confidential information about the clients including Social Security numbers. [source]

Imperial Valley Family Care Medical Group, APC had a data breach in 2016, in California. The information was breached via Laptop. [source]

Lutheran Social Services of South Central Pennsylvania had a data breach in 2013, in Pennsylvania. Lutheran Social Services became aware of a malware program that was on its software system. Resident names, Social Security numbers, dates of birth, Medicare numbers, medical diagnosis codes, payer names, and health insurance numbers may have been exposed. The breach was discovered in March and Lutheran Social Services had not involved investigators or police as of May 9. [source]

Maryville Academy had a data breach in 2011, in Illinois. The information was breached via Network Server. [source]

Rockbridge Area Community Services had a data breach in 2010, in Virginia. On March 3rd, at least one computer and one laptop containing personal information were stolen. Information such as names and Social Security numbers may have been compromised. [source]

SHIELDS For Families had a data breach in 2012, in California. A February 27 office burglary resulted in the theft of a computer server. Sensitive client health information such as dates of birth, addresses, treatment plans, and other types of personal information were exposed. The server was not recovered, but the theft was discovered the next morning and a police report was filed.The incident was posted on the HHS website on June 8. [source]

South Texas Veterans Health Care System had a data breach in 2014, in Texas. The covered entity (CE), South Texas Veterans Health Care System, incorrectly mailed 2,000 letters with another veteran’s protected health information (PHI) printed on the other side. The types of PHI involved in the breach included patients’ names, addresses, and medication information. The CE provided breach notification to HHS, affected individuals, and the media. As a result of OCR’s investigation, the CE updated its procedures for fulfilling mailing requests and issued a memorandum to the print shop staff with the revised procedures and forms. [source]

The Children's Center had a data breach in 2012, in Idaho. An employee of Grand Teton Storage removed documents from The Childrens Centers storage facility after they failed to pay storage bills. A concerned citizen found seven boxes of the old medical records and other personal information next to a dumpster. The information was seven to eight years old and included names, Social Security numbers, addresses, dates of birth, and payroll information. A Grand Teton Storage employee acknowledged that a mistake had been made and the employee who improperly disposed of the records will face disciplinary action. Idaho Department of Health and Welfare eventually recovered and secured the records. [source]

The Guidance Center of Westchester, Inc. had a data breach in 2013, in New York. On February 22, 2013, the Guidance Center of Westchester discovered that a central processing unit (CPU) had been removed form a staff members office. The CPU was removed on February 21 and contained, names, Social Security numbers, dates of birth, dates of admittance to the Center, names of insurance carriers, home addresses, diagnoses, outpatient treatment authorization request, doctors names, case numbers, and whether or not a patient was prescribed medication. [source]

Waipahu Aloha Clubhouse had a data breach in 2012, in Hawaii. An employee noticed unusual activity on a computer on September 25, 2012. It is possible that former and current members of the Waipahu Aloha Clubhouse had information on the computer that was remotely accessed by an unauthorized party. Names, Social Security numbers, dates of birth, addresses, phone numbers, and consumer record numbers dating back to 1997 may have been exposed. Though the Clubhouse services people living with severe and persistent mental illness, no medical records were exposed. [source]

Wellness Centers of Atlanta had a data breach in 2011, in Georgia. Patient records were left in an abandoned pain clinic. The new owner reported the discovery to police. Hundreds of files with medical information of former patients were discovered. It is unclear if anyone else accessed the information. [source]

Wesley Enhanced Living had a data breach in 2018, in Pennsylvania. [source]