Misplaced Boxes Cause Massive Healthcare Breach

Life Care Center of Attleboro

What Happened?

The Life Care Center of Attleboro, a long-term care provider in Massachusetts, released two separate data breach announcements explaining that both patient protected health information (PHI) and employee records were accidentally exposed.

The data breach was discovered when Life Care’s Information Management vendor, Iron Mountain, performed a limited internal audit of archived records on November 18, 2014. During the audit, Iron Mountain could not account for some boxes containing patient PHI.

The missing medical records belonged to patients who visited the Life Care Center of Attleboro between 1992 and 2004, in 2006 or in 2011.

Records included the names, addresses, Social Security numbers, dates of birth, diagnoses, and other medical status and assessment information. Financial information may also have been stored in the misplaced boxes.

Individuals employed at The Life Care Center of Attleboro between 1992 and 1999 may have also been exposed. The announcement did not specify if employee records were stored in the missing boxes or what personal information was exposed.

According to HealthITSecurity, Iron Mountain believes the records were “inadvertently destroyed during a planned consolidation of storage facilities by a predecessor company that occurred between June 2009 and June 2010.”

There is no evidence any information was inappropriately used, but the matter is currently being investigated.

Under HIPAA and Massachusetts law, facilities must provide notice of a breach “without reasonable delay.” While the missing boxes were discovered in 2014, it is unclear when the Life Care Center of Attleboro learned of the incident and whether it is in violation of this breach notice provision.

What Should You Do?

Due to the sensitive nature of the exposed information, impacted individuals are now at an increased risk of fraud and identity theft. Former patients and employees who may have been impacted by this breach should be vigilant about minimizing fraud risks, including taking the following actions:

  • Check your credit report
  • Monitor your bank statements regularly
  • Review medical records/statements for inaccuracies and signs of medical identity theft

The Life Care Center of Attleboro is also providing individuals with one year of complimentary fraud protection.

If you have questions, please contact the facility at 844-527-4994. Employees can find more information here. Patients can find more information here.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.
