Although the organization had contracted with Toronto-based Shred-It to destroy the patient information, it is believed that the microfilms were not actually destroyed as it was agreed upon in the contract. A portion of the microfilm was found in a park in May, and three others were found in two other public locations.

While Shred-It is said to have assured the hospital that the microfiche in its possession was disposed of, the spokesperson for Texas Health Resources, Wendell Watson, said in an e-mail statement that it is unlikely that any information was accessed from the microfiche as they could be read only using a specialized reader. He also said that the microfiche was limited to Texas Health Fort Worth patients who were seen between 1980 and 1990.

As per data from the Department of Health and Human Services, this is the third big HIPAA breach for a Texas Health Resources hospital. This incident is another warning for healthcare entities to encrypt and protect physical data storage devices that pose a high risk of loss/theft. A comprehensive privacy and security management platform like Aegify Security Posture Management or Aegify SecureGRC can prove highly beneficial to healthcare organizations in protecting patient health information and preventing data breaches from taking place.

The post Biggest Breach of 2013 Reported in Texas appeared first on Aegify.