GULFPORT, MS (WLOX) - A Gulfport doctor’s office has informed patients of a data breach after files went missing from the office’s storage facility.
In a letter sent to patients, Gulfport Anesthesia Services wrote, “On March 12, 2019 we became aware of an incident where an unauthorized third party gained access to a secured camera protected storage facility which contained paper medical records. We immediately took steps to identify all patients affected by this breach.”
The staff at Gulfport Anesthesia Services said the patient information in the records included: names, addresses, dates of birth, Social Security numbers, health insurance information, and information about the services received at their office.
“While there is no current evidence of any actual or attempted misuse of the information as a result of this incident, we are providing you with notice as part of our commitment to patient privacy.”
Dr. Charles Lobrano, owner of Gulfport Anestheisa Services, said someone broke into the their storage facility, but he isn’t sure when because the storage facility is off site from his office. When the doctor learned of the data breach, Lobrano’s staff went to the storage unit and discovered seven boxes of records missing.
Lobrano's office has sent out letters to approximately 14,000 patients whose billing records were taken from the storage facility which contained records from 2017-2018, one of seven years of billing records in storage.
Lobrano said that some of the records contained patient Social Security, Medicaid and/or Medicare numbers and some credit card numbers. He does not know if any of the information was used improperly.
“I really don’t think hardly anybody’s credit cards were on it. The letter we sent is the information the HIPPA lawyers told us we need to put on the letter, telling people to watch their credit cards," Lobrano said.
Though he sent out 14,000 letters, Lobrano believes fewer than 100 may have contained any credit card information. Lobrano said he’s required to keep the billing records for seven years for possible audits by Medicaid or Medicare.
“Here we are the victims and all these people are victims,” he said.
Lobrano, who's been in practice 30 years, said this is the first time he's been a victim or had records breached. However, the doctor said potential data breaches are a serious issue.
“I went overboard to make sure I did the right things. We did everything we were supposed to. We spent $30,000 on letters and more for a computer company and lawyers.”
A suspect was arrested by Biloxi Police officers, but charges were not filed in connection to the stolen files.