Mount Sinai Hospital Data Breach: Analysis and Notification Letter

Added on 2023/06/11

AI Summary
This report presents a breach notification letter drafted in response to a data breach at Mount Sinai Hospital, Florida. The breach, involving unauthorized access to patient information by an employee with a criminal record, exposed names, dates of birth, social security numbers, and addresses. The letter outlines the incident's discovery, the types of compromised PHI, and steps patients should take to protect themselves, such as contacting their banks and reporting potential fraud. It also details the hospital's actions, including cooperation with law enforcement, informing patients, and offering to cover potential losses. The letter references similar cases and provides contact information for further inquiries and reporting, emphasizing the hospital's commitment to preventing future incidents.
Breach Notification Letter 0
Title: Breach Notification Letter
Assignment Name:
Student Name:
Course Name and Number:
Professor:
Date:
Contents
Breach Notification Letter to the Patients
References
Breach Notification Letter to the Patients
To,
The Patient,
Mount Sinai Hospital,
Florida, USA.
Respected Patient,
This is to inform you that a breach of private data and information has occurred at
the Mount Sinai Medical Center, committed by one of its employees. The employee's name is
Oliver Gayle, and he also holds a criminal record. The breach was discovered on
February 27, 2013, when the Aventura Police Department stopped a vehicle after the police
department was informed and alerted by a U.S. Bank about an attempt to cash a fraudulent
check. After this, the police carried out a search (Retzer, 2008). The police found a black bag
in the car containing more than a hundred printouts of patients' information, which was taken
from the Mount Sinai Medical Center's account inquiry processor. The information
found in the printouts included multiple names, dates of birth, social security numbers and
the addresses of the patients.
The hospital staff and the owners were also interrogated about Gayle and about the
management's careless attitude in hiring an employee with a criminal background. The hospital
defended itself by stating that the company through which Gayle was hired did not
provide the hospital with his criminal record, and that the background check conducted
on Gayle provided information covering only one year. The hospital clarified that
it does not work with that company anymore, so incidents like this will not happen again
(Mathieson, 2007).
The hospital has informed the police about other suspected staff members who might
have helped Gayle in getting the information from the account inquiry processor. A similar
case also happened in May 2012 at the Mount Sinai Medical Center, but the hospital
did not take the necessary measures to prevent such incidents from happening again. The
careless attitude of the organization cannot be ignored, and thus strict action needs to be
taken this time (Bisogni, 2015).
In a similar case, which was reported by the Affinity Health Plan to the Department of
Health and Human Services' Office for Civil Rights, more than 500 photocopies
containing patients' information were leaked and misused by some individuals. The hospital
where this incident happened was charged a huge penalty fee of around $1.2
million. This case is a motivating example for the patients who are facing the same
consequences in the Mount Sinai Medical Center incident.
The court sentenced Gayle to 51 months in prison on October 23, 2013,
along with two years of supervised release. This punishment was imposed due to his
participation in the tax refund theft scheme, which involved the theft of patient
information from the hospital. The jury imposed sections 1029(a)(3) and 2, sections 1028A(a)(1)
and 2, and also section 1546(a).
What the organization is doing:
The black bag which was found in the car also contained bank account information
and photocopies of the checks which were written to Mount Sinai Medical Center. The
hospital officials are cooperating with the police and are trying to inform the patients about
the incident, so that they can take immediate and important steps. Also, the hospital staff has
stated that it will bear the losses which might have resulted from the breach of privacy
and information.
What the patients should do:
Though the hospital is trying its best to control the situation with the help of the
police, the patients should, as individuals, also take the necessary measures to prevent harm
from happening. They should contact their bank and inform it about the incident, and they
should also block their credit and debit cards (Nieuwesteeg, 2014). The patients should file a
complaint against Oliver Gayle, in which they should inform the police about all the
information which can be used for wrongdoing.
Contact for any queries:
The patients can call or e-mail the hospital for any assistance which they may require
regarding the incident and its proceedings. The contact information is available on the official
website of the hospital, www.mountsinai.org, or at www.msmc.com. The hospital has taken
various steps to prevent such situations from happening, and providing people with the
power to report an incident to the Department of Human information at 305-674-2320 is one
such measure. The patients can also contact the police department of Aventura to learn
about the latest updates. The other agencies to be contacted are the National Consumer
reporting agency, www.ncrainc.org, and the National credit reporting agency,
www.usa.gov.
Sincerely,
Privacy & Security Officer.
References
Bisogni, F. (2015). Proving Limits of State Data Breach Notification Laws: Is a Federal Law the Most Adequate Solution? SSRN Electronic Journal.
Mathieson, S. (2007). Lords back UK data breach notification law. Infosecurity, 4(5), 9.
Nieuwesteeg, B. (2014). To Notify or Not to Notify? Do Organizations Comply with U.S. Data Breach Notification Laws? An Empirical Study. SSRN Electronic Journal.
Retzer, K. (2008). Data Breach Notification: The Changing Landscape in the EU. Computer Law Review International, 9(2).