Janitorial shredding mix-up causes data breach impacting 13K

A mix-up by a janitorial services firm is the source of a data breach at a Springfield, Mo., radiology group practice. Nineteen-member Litton and Giddings Radiological Associates (LGRA) has notified about 13,000 patients who had billing activity between July 23 and Aug. 2, 2012.

“On Aug. 10, 2012, LGRA learned from its billing company that the janitorial services vendor managed by the billing company’s landlord had inadvertently sent paper billing records to a Springfield recycling center without first shredding the records,” according to the notice sent to patients. “More specifically, on two occasions, July 31 and Aug. 2, 2012, a janitor removed documents from the locked shred bin and placed them in a different, but secured container with other recyclable materials. The secured container was transported to the recycling center where the items were sorted for recycling, and ultimately, completely destroyed. The recycling process is largely mechanized, but workers in the recycling facility do, at times, manually sort the materials.”

According to the notice, the practice's billing firm was unable to identify which documents were involved, but believes compromised protected health information most likely would have included names, addresses, dates of birth, diagnosis codes and/or Social Security numbers. Consequently, the practice notified all patients with billing activity during the time period in question as well as the Office for Civil Rights of the breach. The practice will offer credit protection services on an individual basis.