Healthcare News & Insights

Third-party vendor leaves thousands of patient records at city dump

Four hospitals are investigating after it was discovered a billing vendor was dumping thousands of unshredded patient records at a local dump.

The breach was discovered by a photographer for The Boston Globe, who noticed a 20-foot by 20-foot pile of paper when he was dropping off his own trash. He checked out the cache of paper, curious why it wasn’t being recycled. Closer examination showed the paper was a mass of patient records from at least four Massachusetts medical centers and their associated pathology groups. The hospitals affected are Carney, Holyoke, Milford and Milton.

The investigation is ongoing, but so far it appears that the a billing vendor used by several of the pathology groups dumped the records. The billing company was sold at the beginning of this year — most of the records were from 2009.

A small sample of the records collected by The Globe contained sensitive data including patient names, addresses, insurance information, Social Security numbers, pathology reports and post-miscarriage lab work.

A few things are still unclear, including how many patients — at how many hospitals — may have been affected. The hospitals are trying to determine whose records may have been compromised so they can begin notification procedures.

Data breaches of this sort aren’t uncommon, but it appears in this case that the hospitals had no reason to believe the records weren’t being disposed of properly.

Unfortunately, even hospitals with strict adherence to privacy controls can fall victim to a data breach if one of it’s countless physicians, other associated health care providers, billing companies, insurance partners or other contractors who have access to patient data aren’t as careful.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.