State AG Suggests Tougher Data Breach Notification Laws in North Carolina

February 22, 2019

January 23, 2019   After an upsurge in data breaches affecting North Carolina inhabitants in 2017, state Attorney General Josh Stein and state representative Jason Saine presented a bill to update data breach notification rules in North Carolina and increase protections for state inhabitants. The bill, Act to Strengthen Identity Theft Protections, was presented in January 2018 and suggested changes to state laws that would have made North Carolina breach notification laws some of the strictest in the country. The January 2018 version of the bill suggested an extension of the definition of a breach, modifications to the definition of personal information, and a maximum of 15 days from the detection of a breach to issue notifications to breach sufferers. Attorney Read More

New Massachusetts Data Breach Notification Law Passed

February 21, 2019

January 18, 2019   A new Massachusetts data breach notification law has been passed. The new legislation was signed into law by Massachusetts governor Charlie Baker on January 10, 2019, and will come into effect on April 11, 2019. The new legislation updates current Massachusetts data breach notification law and introduces new requirements for notifications. Under Massachusetts law, a breach is described as an illegal acquisition or use of confidential private information that carries a considerable risk of identity theft or fraud. Notifications should be issued if one or more of the following data elements are obtained by an illegal person together with an individual’s first name and last name or first initial and last name. Social Security number Driver’s Read More

Advertising Expenses Increase 64% After a Healthcare Data Breach

January 17, 2019

Jan 9, 2019   A latest study has investigated the connection between advertising expenses and healthcare data breaches. The study demonstrates hospitals substantially increase advertising expenditure after a data breach. Healthcare Data Breaches Are the most Expensive to Alleviate Healthcare data breaches are the most expensive to mitigate, much higher than breaches in other industry segments. As per the Ponemon Institute/IBM Security’s 2018 cost of a data breach research, healthcare data breaches cost, on average, $408 for each misplaced or thieved record. The expenses are two times, or in some cases nearly three times, those in other industry segments. In addition to the high expenses of alleviating the breaches, the same study verified that the loss of patients to rivals Read More

Flowers Hospital Data Breach Resolution Approved by Judge

January 16, 2019

Dec 30, 2018   A class action data breach court case filed against Flowers Hospital in Dothan, AL, in 2014 has ultimately been resolved. In 2014, a worker of Flowers Hospital stole the private information of patients from the hospital laboratory and utilized the information to file fake tax returns in the names of patients. A deputy sheriff found patient files in the automobile of laboratory worker, Karmarian Millender, during a traffic stop. The inquiry disclosed that Millender had been stealing patient records from the laboratory and had sold the information to tax impostors who filed fake tax returns in patients’ names. Millender pleaded guilty to the theft of patient data and was sentenced to two years in jail. A Read More

EmblemHealth Pays $100,000 HIPAA Violation Fine to New Jersey for 2016 Data Breach

December 14, 2018

Dec 13, 2018   The health insurance provider EmblemHealth has been penalized $100,000 by New Jersey for a 2016 data breach that disclosed the protected health information (PHI) of over 6,000 New Jersey plan members. On October 3, 2016, EmblemHealth dispatched Medicare Part D Prescription Drug Plan Proof of Coverage documents to its members. The mailing labels contained beneficiary identification codes and Medicare Health Insurance Claim Numbers (HCIN), which mirror Social Security numbers. The documents were dispatched to over 81,000 policy members, 6,443 of whom were New Jersey inhabitants. The New Jersey Division of Consumer Affairs probed the breach and identified policy, procedural, and training breakdowns. Earlier mailings of Evidence of Coverage documents were managed by a trained worker, but Read More

2.65 Million Atrium Health Patients Affected by Business Associate Data Breach

December 10, 2018

Dec 1, 2018   AccuDoc Solutions Inc., a supplier of healthcare billing facilities, has suffered a main data breach in which the protected health information of 2,650,000 patients of Atrium Health was disclosed. Morrisville, NC-based AccuDoc Solutions makes bills for patients and manages the online payment system used by Atrium Health, a network of 44 hospitals all over North Carolina, South Carolina, and Georgia. On October 1, 2018, AccuDoc Solutions informed Atrium Health that a few of its databases had been undermined. The breach inquiry disclosed hackers had gained access to AccuDoc Solutions databases between September 22 and September 29, 2018. A wide-ranging forensic inquiry into the attack verified that patient information had been undermined, but the information saved in its Read More

UPMC Data Breach Trial Reinstated by Pennsylvania Supreme Court

December 10, 2018

Nov 30, 2018   Litigation filed by workers affected by a data breach at the University of Pennsylvania Medical Center (UPMC) has been revitalized by the Pennsylvania Supreme Court. The litigation was filed after hackers stole the information of roughly 62,000 current and former UPMC workers in a data breach noticed by UPMC in February 2014. The stolen information included names, tax information, Social Security numbers, addresses, and bank account numbers. The information was used to file fake tax returns in workers’ names to get tax refunds. According to the charge, “As a consequence of UPMC’s negligence, workers incurred damages relating to falsely filed tax returns and are at an increased and impending risk of becoming sufferers of identity theft Read More Data Breach Disclosed Confidential Information of 94,000 People

December 10, 2018

Nov 17, 2018   Last month, the Centers for Medicare & Medicaid Services (CMS) declared that the website had been hacked and the confidential data of roughly 75,000 people had possibly been compromised. This week, the CMS released an update on the breach verifying more people had been affected than was originally thought. The revised estimation has seen the number of breach sufferers increased to 93,689. The original breach declaration was light on details concerning the precise nature of the breach and the kinds of information that had possibly been compromised. In the original announcement, the CMS clarified that doubtful activity was noticed on the site on October 13 and on October 16 a breach was verified. Steps were Read More

Altus Hospital Baytown Experiences Dharma Ransomware Attack

December 10, 2018

November 12, 2018   Altus Hospital in Baytown, TX, has suffered a ransomware attack that led to the encryption of several hospital files. The electronic medical record system was unaffected, even though some of the encrypted files had patients’ protected health information (PHI) including names, credit card information, Social Security numbers, birth dates, contact telephone numbers, home addresses, driver’s license numbers, and medical information. The attack was found on September 3, 2018. Altus Hospital received a ransom demand; nevertheless, helped by a third-party safety advisor, Altus Hospital was able to restore all affected files from backups. The investigator decided that the attacker gained access to the hospital’s servers prior to deploying a Dharma ransomware variation. Altus Hospital thinks the purpose Read More

Billing Files of 12,331 Patients of Inova Health System Have Been Compromised

December 10, 2018

November 11, 2018   Falls Church, VA-based Inova Health System has begun informing 12,331 patients that some of their protected health information (PHI) has been retrieved by an illegal person. Inova Health System was communicated by law enforcement on September 5, 2018 over a supposed breach of patients’ billing information. A prominent computer forensics company was hired to carry out an inquiry into the breach to decide the type of the attack and the level of the breach. The inquiry disclosed its billing system was first retrieved by an illegal person in January 2017, and once again between July and October 2017. Access was gained using the login identifications of an Inova worker. Peculiarly, Inova also informed that the same Read More

Q3 Healthcare Data Breach Report: 4.39 Million Records Disclosed in 117 Breaches

December 10, 2018

November 10, 2018   The latest part of the Breach Barometer Report from Protenus demonstrates there was a three-monthly reduction in the number of healthcare data breaches compared to Q2, 2018; nevertheless, the number of healthcare files exposed, thieved or impermissibly disclosed rose in Q3. In each quarter of 2018, the number of healthcare files exposed in data breaches has increased. Between January and March 1,129,744 healthcare files were disclosed in 110 breaches. Between April and June, 3,143,642 files were disclosed in 142 breaches, and 4,390,512 healthcare files were disclosed, thieved, or impermissibly exposed between July and September in 117 breaches. The biggest healthcare data breach in Q3 was informed by the Iowa Health System UnityPoint Health. The breach was Read More

566,217 Clients of Chicago-Based Health Underwriter Impacted by Data Breach

December 10, 2018

November 9, 2018   The Chicago-based health underwriter Bankers Life, a branch of CNO Financial Group Inc., has found hackers gained access to its systems and possibly thieved the private information of over half a million people. Bankers Life offers a variety of insurance facilities to clients, including life insurance, long-term care insurance, health insurance, and Medicare additional insurance and is the biggest branch of CNO Financial Group. Hackers initially gained access to its systems between May 30 and September 13, 2018. Bankers Life said it found the breach on August 7, 2018. The hackers gained access to a variety of sensitive personal information of a ‘limited number’ of its workers. A ‘limited group’ of clients had names, diagnoses, medication Read More

Stolen Raley’s Pharmacy Laptop Might Have Contained PHI of 10,000 Patients

December 10, 2018

November 1, 2018   Roughly 10,000 patients of Raley’s Pharmacy are being informed that some of their protected health information (PHI) has possibly been compromised. On September 24, 2018, a laptop computer was stolen from a Raley’s drugstore that might have contained some patients’ PHI. Raley’s pharmacy instantly started an inquiry to decide what information was saved on the appliance. Interviews were carried out with staff members who had used the appliance in an attempt to know the kinds of content that might have been disclosed. The electronic mail accounts of workers were also checked for attachments and links to documents that had ePHI, to decide which records had been downloaded or were saved in cache files in a provisional Read More

53% Of Healthcare Data Breaches Because of Insiders and Carelessness

November 27, 2018

November 27, 2018   The healthcare industry has had more than its reasonable share of hacking occurrences, however, the biggest threat comes from within. The actions of healthcare suppliers, health underwriters, and their workers cause more breaches than hacks, malware, and ransomware attacks. Scientists at Michigan State University and Johns Hopkins University studied data breaches reported to the Division of Health and Human Services’ Office for Civil Rights (OCR) over the past 7 years and observed that over half of breaches were the result of internal carelessness. The research study, which was lately printed in the journal JAMA Internal Medicine, is a follow-on from a 2017 study that explored the danger of hospital data breaches and the kinds of hospitals that were most Read More

Stolen FHN Healthcare Laptop Had the PHI of 4,458 Patients

November 27, 2018

November 26, 2018   FHN Healthcare, which manages FHN Memorial Hospital in Freeport, IL, and a network of family healthcare complexes all over northwest Illinois, has learned that a laptop computer having the protected health information of 4,458 patients has been stolen from the automobile of a worker. The theft was instantly reported to law enforcement, but the appliance has not been recovered. FHN Healthcare recreated the data saved on the appliance and found it contained names, medical information, health insurance information, medical record numbers, birth dates, addresses, Social Security numbers, and driver’s license numbers. FHN healthcare already encrypts all its laptop computers, even though the inquiry into the occurrence disclosed that the stolen appliance had not been encrypted and Read More

Main Dental Group Warns Patients About Possible HIPAA Violation

November 27, 2018

November 25, 2018   Key Dental Group, a dental practice in Pembroke Pines, FL, is notifying its patients concerning a suspected HIPAA violation which has the possibility to result in the illegal retrieving of their protected health information (PHI). After altering its electronic medical record (EMR) database supplier, Key Dental Group requested its past supplier, MOGO, to return its EMR database. Although the end user license agreement (EULA) stated that all patient data should be returned on termination of the agreement, MOGO has declined to return the database. MOGO communicated to Key Dental Group, through its lawyer, that the database would not be returned. The Pembroke Pines dental practice claims that in addition to violating the EULA, MOGO, as a Read More

October 2018 Healthcare Data Breach Statement

November 26, 2018

November 24, 2018   Our October 2018 healthcare data breach report demonstrates there has been a month-over-month rise in healthcare data breaches with October seeing more than one healthcare data breach informed per day. 31 healthcare data breaches were informed by HIPAA-covered units and their business associates in October – 6 incidents more than the preceding month. It should be noted that one breach at a business associate was reported to OCR as three separate breaches. The number of breached records in September (134,006) was the lowest total for 6 months, however, the downward tendency didn’t carry on in October. There was a huge surge in disclosed protected health information (PHI) in October. 2,109,730 records were exposed, stolen or impermissibly Read More

Email Hacking Incident Informed by Episcopal Health Facilities

November 26, 2018

November 23, 2018   Specified existing and previous patients of St. John’s Episcopal Hospital and Episcopal Health Facilities in New York are being informed that some of their protected health information has possibly been compromised. On September 18, 2018, Episcopal Health Facilities became conscious of doubtful activity in several worker electronic mail accounts. An inquiry was instantly launched, and a third-party digital forensics company was called in to decide the nature and scope of the breach. The inquiry exposed many worker electronic mail accounts had been compromised between August 28, 2018 and October 5, 2018. A detailed examination of the compromised electronic mail accounts was finished on November 1. The kinds of information exposed varied from patient to patient but Read More

128,400 Workers and Patients Impacted by Phishing Attack on Albany Cancer Cure Center

November 26, 2018

November 22, 2018   New York Oncology Hematology in Albany, NY, has declared that hackers have gained access to 15 worker electronic mail accounts which had the confidential information of as many as 128,400 existing and former patients and workers. As is usual in phishing attacks, the electronic mails had a hyperlink to an apparently genuine electronic mail login page which requested usernames and passwords. When the information was submitted it was harvested by the attackers. As per the alternate breach notice on the New York Oncology Hematology website, each compromised electronic mail account only remained accessible for a brief period of time before access was ended. The electronic mail breaches were identified by New York Oncology Hematology’s IT seller, Read More

Dixons Carphone Data Breach Affects 10 Million Customers

September 17, 2018

August 4, 2018   Dixons Carphone’s 2017 data breach was worse than originally projected. In a statement on Monday, Dixons Carphone, one of the biggest consumer electronics as well as telecommunication vendors in Europe, confessed that the breach affected about 10 million clients, up from an original assessment of 1.2 million people the firm confessed back in June. The firm, which has been probing the hack since it was disclosed in June this year, said the probe is almost finished and now there is proof that some of the data might have been transferred from its systems. The Carphone Warehouse and Currys PC World proprietor said the hackers might have accessed private information of its affected clients including their names, Read More

Boys Town Healthcare Data Breach Disclosed Private Details of Patients

September 17, 2018

August 3, 2018   Another day, another data breach! This time-sensitive and private data of hundreds of thousands of individuals at Boys Town National Research Hospital have been revealed in what seems to be the biggest ever informed breach by a pediatric treatment provider or kids’ hospital. As per the U.S. Division of Health and Human Services Office for Civil Rights, the breach occurrence affected 105,309 people, including patients and workers, at the Omaha-based medical company. In a “Notice of Data Safety Occurrence” distributed on its website, the Boys Town National Research Hospital confessed that the company became conscious of an unusual behavior concerning one of its workers’ electronic mail account on May 23, 2018. After starting a legal inquiry, the hospital noticed Read More

$150,000 Settlement Suggested by Flowers Hospital for 2014 Data Breach

September 17, 2018

August 2, 2018   A class action court case tendered after a staff-member linked data breach at Flowers Hospital in Dothan, Alabama in 2014 is expected to be resolved. The agreement is pending final court endorsement, even though endorsement appears pending and a solution to this four-year legal fight is now achievable. Unlike the bulk of class action litigations filed over the theft/exposure of PHI, this case involved the thievery of data by an insider instead of a cybercriminal. Moreover, the ex-staff member used PHI for identity thievery and scam and was convicted of those criminalities. The breach happened when a former laboratory technician, Kamarian D. Millender, who was found in custody of paper records which included patients PHI. Millender Read More

Hacking Group Thieves $1 Million from Russian Bank through Compromised Router

September 17, 2018

July 28, 2018   The hacking group known as MoneyMaker has succeeded in a $1 million cyberheist after gaining access to a Russian bank via an obsolete router used in one of its local branches. Weaknesses in the PIR Bank router were abused to first give the hackers access to the router, and after that to the Automated Work Station Customer of the Russian Central Bank through network channels designed in the router. As soon as access to the Automated Work Station Customer of the Russian Central Bank was gotten, the hackers were capable to start fake bank transfers to 17 accounts maintained at other Russian banks. Money was transmitted, and as soon as it cleared, cash was taken out Read More

Bill Suggests 18 Months Free Credit Checking Facilities for Data Breach Victims in Massachusetts

September 17, 2018

July 27, 2018   A different bill has been presented in Massachusetts that requests to improve safeguards for users affected by data breaches. The bill requires free credit checking facilities to offer to people whose personal information was disclosed in a safety breach. The bill (H.4806) was submitted on Tuesday by a House-Senate conference committee presided over by Rep. Tackey Chan and Sen. Barbara L’Italien and is a compromise bill between opposing data safety bills that were delivered to the working group on May 3. The House Bill needed users to be provided with a year of credit checking facilities after a data breach while the Senate bill needed users to be provided with 2 years of credit checking facilities Read More

1.5 Million Health Files Breached in Singapore

September 16, 2018

July 25, 2018   Hackers have successfully retrieved a health database of the Singapore government (SingHealth), letting them see the health files of 1.5 million people, including the health files of Prime Minister Lee Hsien Loong. Access to the databank was gained via a front-end workstation which offered the attackers with favored access to the databank. The data breach was noticed on July 4, 2018 when doubtful activity linking to the databank was seen, even though an inquiry into the data breach showed access was first gained a week earlier on June 27. Between June 27 and July 4, some of the information in the databank was downloaded and copied by the attackers. A statement concerning the breach was released Read More

LabCorp Probing Probable Data Breach

September 16, 2018

July 19, 2018   LabCorp, one of the world’s biggest clinical testing laboratories, has suffered a cyberattack that has possibly led to the health data of millions of patients being retrieved by hackers. The cyberattack was noticed over the weekend of July 14, when strange activity was noticed on its Diagnostics systems. The IT safety team took swift action and began closing down systems to restrict the attack. Some of those systems are even now offline as efforts continue to probe the breach, decide its scope, and find out whether access to health data was acquired by the attackers. LabCorp manages 36 testing services all over the United States, manages the National Genetics Institute in Los Angeles, and heads up Read More

Possible Thievery of 4,500 Patients’ PHI BY Former Arkansas Kids’ Hospital Worker Being Reviewed

September 16, 2018

July 16, 2018   A former staff member of Arkansas Children’s Hospital is being probed by law authorities in connection to the thievery and abuse of patients’ PHI. The breach notification tendered to the Division of Health and Human Services’ Office for Civil Rights declared that the ex-staff member possibly got the PHI of up to 4,521 persons. That individual was working at Arkansas Children’s Hospital for a duration of 15 months between November 7, 2016 and February 6, 2018. During that period the person was given access to PHI to carry out important jobs of the role. On May 9, 2018, police warned Arkansas Children’s Hospital to make them conscious that a probe had been started over the probable Read More

Children’s Mercy Hospital Prosecuted for 63,000-Record Data Breach

September 16, 2018

July 15, 2018   Lawful action has been taken over a phishing attack on Children’s Mercy that led to the thievery of 63,049 patients’ PHI. Altogether, five electronic mail accounts were undermined between December 2017 and January 2018. On December 2, 2017 two electronic mail accounts were found to have been retrieved by an illegal person as a consequence of workers replying to phishing electronic mails. Links in the electronic mails directed the workers to a website where they were deceived into revealing their electronic mail account identifications. Two weeks later, two more electronic mail accounts were undermined in a similar attack, with a fifth and final account compromised in early January. The mailbox accounts of four of those compromised email Read More

Healthcare Data Breach Costs Maximum of Any Industry at $408 Per Record

September 16, 2018

July 14, 2018   The latest study carried out by the Ponemon Institute for IBM Security has disclosed the concealed cost of data breaches, and for the first time, the fee of alleviating 1 million-record + data breaches. The research provides insights into the costs of deciding data breaches and the complete fiscal impact on companies’ bottom lines. For the international research, 477 companies were hired and over 2,200 people were interrogated and questioned regarding the data breaches suffered by their companies and the related expenses. The breach costs were computed using the activity-based costing (ABC) method. The average number of files stolen or exposed in the breaches evaluated in the study was 24,615 and 31,465 in the United States. Read More

PHI Breach Impacting 1,254 Patients Informed by Associated Dermatology & Skin Cancer Clinic of Helena

September 16, 2018

July 6, 2018   In the previous few days, Associated Dermatology & Skin Cancer Clinic of Helena, MT, has informed a breach of physical protected health information (PHI) that might have impacted up to 1,254 patients. A journal supervised by a worker of Associate Dermatology was taken from her car on May 26, 2018. A robber entered the automobile as well as thieved the private journal, which saved information to assist the person with the delivery of care to patients. The range of information stored in the journal comprised names and ages of patients, their referring doctors, short notes on patients’ medicinal record, causes for visits, and visit remarks. Patients whose protected health information has been retrieved by the robber Read More

Med Associates Hacking Occurrence Impacts up to 270,000 Patients

September 14, 2018

July 4, 2018   Med Associates, the health billing firm, situated in Latham, NY-based, which provides claims facilities to more than 70 healthcare suppliers, has found that a worker’s computer has been logged onto by an illegal person. It is possible that the hacker got the protected health information of up to 270,000 clients by way of the undermined appliance. Strange activity was observed on a staff member’s computer on March 22, 2018, resulting in an inquiry by the information technology division. Further inquiry by a third-party computer forensics company established that the machine had been distantly logged on by an illegal person. The inquiry brought to light that the HIPAA violation happened on the same day that the strange activity Read More

California Secrecy Act Unanimously Passed

August 8, 2018

July 1, 2018 California legislators collectively passed a consumer secrecy bill that will radically alter how companies manage data. The bill, initialed by Gov. Jerry Brown, gives Californians the authority to hold businesses responsible for misuse of their data. Before the bill’s passage, tech firms and secrecy rights supporters involved intense discussions and landed on a “watered-down type of a more extensive initiative suggested by Alastair Mactaggart, a San Francisco real estate contractor who spent over $3 million on his promotion to qualify the measure for the ballot,” the Sacramento Bee reported. The governor’s sign verified the unanimous endorsement, actually eliminating the measure from the ballot. The California Consumer Privacy Law, Assembly Bill 375, allows members of the public to request that a Read More

Municipalities Breached from Click2Gov

August 8, 2018

June 30, 2018   One more local government has experienced a data breach, and the latest sufferer is Midland, Texas, where hackers leveraged a weakness in Superion’s Click2Gov job in the payment server utilized to make online payments for services. The list of towns affected carries on to increase and grows from Florida to California. That hacker’s leverage known weaknesses in systems to gain access to data is no wonder. Malevolent hackers have been rising their attacks on local governments, and they carry on to abuse the known weakness in Superion’s Click2Gov software, as was the situation in Midland. Earlier this month, Risk-Based Safety executive vice president Inga Goddjin blogged about the company’s probes into the breaches in Oxnard, California, on 25 May and in Wellington, Read More

340 Million Files Disclosed in Exactis Breach

August 8, 2018

June 30, 2018   One more main data breach has left approximately 340 million files disclosed by data collection company Exactis after information was abandoned on an openly accessible server. The 2 terabytes’ worth of data seems to contain the private details of the people registered, including telephone numbers, home addresses, electronic mail addresses and other extremely private individualities for every name.  The kind of private information that was possibly undermined must be pertaining to consumers, given the huge volume of information that is gathered, merged together and contained in databases like the one that was disclosed by Exactis, said Anurag Kahol, Bitglass CTO. “Showing that volume of data to the open internet is a major crime by the business and one that we’ve seen Read More

Michigan Medicine Informs Hundreds of Patients of PHI Exposure

August 8, 2018

June 29, 2018   An unencrypted laptop computer having the protected health information (PHI) of 870 patients of Michigan Medicine has been thieved. The PHI was saved on a private laptop computer which had been placed unattended in a worker’s vehicle. A robber broke into the car and thieved the worker’s bag, which contained the appliance. The thievery happened on June 3, 2018 and it was instantly reported to law enforcement. Michigan Medicine was apprised of the thievery the next day on June 4. The laptop had a variety of PHI of patients who had taken part in research studies. The kinds of information disclosed differed depending on the kind of research the patients had taken part in. Extremely confidential Read More

Cyber Risk at All-Time High for UK Financial

August 8, 2018

June 29, 2018   The percentage of financial facilities companies mentioning cyber-attacks as a main source of danger has hit an all-time high, as per the latest six-monthly survey from the Bank of England (BoE). The Bank’s Systemic Risk Survey for the first half of 2018 had cyber-occurrences rated joint second together with geopolitical danger, with 62% mentioning them as main dangers to the UK’s financial system. The figure has increased for the third successive survey and is now at its maximum level since records started in 2008, as per the BoE. There was also a rise of five percentage points in the ratio of respondents that cited cyber-attacks as the danger most challenging to cope, to more than half (51%). Nick Hammond, a lead advisor for Read More

Protected Health Information Sent to Wrong Fax Receiver Over Many Months

August 8, 2018

June 28, 2018   Faxes having the protected health information (PHI) of a patient have been sent to a wrong receiver by OhioHealth’s Grant Medical Center over a period of many months – A breach of patient secrecy and the Health Insurance Portability and Accountability Act (HIPAA). The receiver of the faxes, Elizabeth Spilker, tried on many occasions to inform Grant Medical Center concerning the issue and stop the faxes being sent, however, her efforts were fruitless. She attempted faxing back a message on the same number demanding an alteration to the programmed fax number and tried getting in touch with the medical center by phone. Spilker later informed ABC6 concerning the problem and the story was covered in a Read More

Unencrypted Hospital Pager Messages Intercepted and Seen by Radio Hobbyist

August 7, 2018

June 27, 2018   A lot of healthcare companies have now switched to safe messaging systems and have retired their obsolete pager systems. Healthcare companies that have not yet made the change to safeguard text messaging platforms must take note of the latest safety break that saw pages from several hospitals interrupted by a ‘radio hobbyist’ in Missouri. Interrupting pages using software defined radio (SDR) is not new. There are different websites that describe how the SDR can be used and its abilities, including the interruption of secret telecommunications. The risk of PHI being obtained by hackers using this method has been admirably recorded.  All that is needed is some easily gotten hardware that can be purchased for about $30, a computer, and Read More

Washington Health System Suspends A number of Workers for Incorrect PHI Access

August 7, 2018

June 23, 2018   After the alleged incorrect retrieving of patient health records by workers, Washington Health System has taken the decision to suspend a number of workers while the secrecy breach is probed. Although it has not been verified how many workers have been suspended, Washington Health System VP of strategy and clinical facilities, Larry Pantuso, released a report to the Observer Reporter showing about a dozen workers have been suspended, though, at this phase, no workers have been dismissed for incorrect medical record access. The secrecy breaches are supposed to link to the death of a worker of the WHS Neighbor Health Center. Kimberly Dollard, 57, was killed when an uncontrolled car driven by Chad Spence, 43, bumped Read More

May 2018 Healthcare Data Breach Report

August 7, 2018

June 22, 2018   April was a specifically bad month for healthcare data breaches with 41 registered occurrences. Although it is definitely good news that there has been a month-over-month decrease in healthcare data breaches, the harshness of some of the breaches registered last month puts May on a par with April.   There were 29 healthcare data breaches registered by healthcare suppliers, health policies, and business associates of protected units in May – a 29.27% month-over-month decrease in registered breaches. Nevertheless, 838,587 healthcare documents were disclosed or thieved in those occurrences – just 56,287 records less than the 41 occurrences in April.   In May, the average breach size was 28,917 records and the median was 2,793 records. In Read More

Failure to Encode ePHI Costs Cancer Treatment and Research Center $4.34 Million

August 6, 2018

June 21, 2018   The Division of Health and Human Services’ OCR has publicized its third HIPAA financial fine of 2018. The $4.34 million civil monetary fine is the fourth biggest HIPAA fine ever issued to settle HIPAA violations. While most protected units and business associates agree to resolve HIPAA violations and pay the fine, on exceptional occasions the fines are disputed, and the case goes before an administrative law judge (ALJ). The ALJ should decide whether the fines are warranted, and the fine amount is realistic. The University of Texas MD Anderson Cancer Center (MD Anderson) came across three data breaches in 2012 and 2013 that led to the disclosure of 34,883 patients’ electronic protected health information (ePHI). In Read More

French Business Optical Center Hit with €250k Penalty for Pre-GDPR Data Breach

August 6, 2018

June 16, 2018   Optical Center, a French business that concentrates on selling eye and hearing supports, has been struck with a €250,000 penalty for a data breach that happened before the launch of the General Data Protection Regulation (GDPR) on May 25. CNIL, the French data safety organization, applied the penalty following the company failed to safeguard the data of its clients on its company website. It was found in July 2017 that it was possible to retrieve clients’ bills with relative easiness. These bills detail PII including first and last name, physical address, and social security number. Besides this, there were also other health details like ophthalmic correction. There was no verification procedure in place for a client Read More

92 Million Users of MyHeritage DNA Checking Facility Affected by Data Breach

August 6, 2018

June 8, 2018   MyHeritage, a provider of DNA checking facilities, has declared it has faced a data breach that has impacted over 92 million users. The breach affects all users of the DNA checking facility who signed up before October 26, 2017 – the date of the breach. In all, 92,283,889 usernames and hashed passwords were disclosed, making this the biggest data breach informed in 2018, and the biggest security breach since the 143-million record-breach at Equifax that was declared in September 2017. The breach was found by a safety researcher who discovered the hashed passwords and usernames on an insecure, private third-party server outside the jurisdiction of MyHeritage. The scientist copied the file and transmitted it to MyHeritage, Read More

Dignity Health Report Several Data Breaches

August 6, 2018

June 3, 2018   Abundant different data breaches and violations of HIPAA Laws have been found by Dignity Health in the past few weeks. One occurrence involved a staff member retrieving the PHI of patients without authorized approval, a fault took place that let a business associate get PHI without a current BAA being in place, and most lately, a 55,947-record illegal access/disclosure incident has been submitted to the Division of Health and Human Services’ Office for Civil Rights (OCR). Dignity Health informed OCR of a data breach affecting patients of its St. Rose Dominican Hospitals at the San Martin, Siena, and Rose de Lima campuses in Nevada on May 10, 2018. The company informs that on April 6, 2018, Read More

Failure to Encrypt ePHI Costs Cancer Cure and Research Center $4.34 Million

July 18, 2018

Jun 21, 2018   The Division of Health and Human Services’ OCR has declared its third HIPAA financial penalty of 2018. The $4.34 million civil monetary fine is the fourth biggest HIPAA fine ever issued to settle HIPAA breaches. While most protected units and business associates agree to resolve HIPAA breaches and pay the fine, on exceptional occasions the fines are disputed, and the case goes before an administrative law judge (ALJ). The ALJ should decide whether the fines are correct, and the fine amount is reasonable. The University of Texas MD Anderson Cancer Center (MD Anderson) suffered three data breaches in 2012 and 2013 that led to the disclosure of 34,883 patients’ electronic protected health information (ePHI). In April Read More

92 Million Users of MyHeritage DNA Testing Facility Affected by Data Breach

July 18, 2018

Jun 8, 2018   MyHeritage, a supplier of DNA testing facilities, has declared it has experienced a data breach that has affected over 92 million users. The breach affected all users of the DNA testing facility who signed up before October 26, 2017 – the date of the breach. Altogether, 92,283,889 usernames and hashed passwords were disclosed, making this the biggest data breach informed in 2018, and the biggest safety breach since the 143-million record-breach at Equifax that was declared in September 2017. The breach was noticed by a safety scientist who found the usernames and hashed passwords on an undefended, private third-party server outside the control of MyHeritage. The scientist downloaded the file and transmitted it to MyHeritage, which Read More

According to JAMA Study Improper Dumping of PHI is Common

June 20, 2018

April 7, 2018   A lately finished study (published in JAMA) has highlighted just how often hospices are disposing of Protected Health Information in an unsafe way. While the analysis was finished in Canada, which is not subject to HIPAA, the outcomes highlight a critical area of Protected Health Information safety that is often ignored. Wrong Demolition of Protected Health Information is More Usual than Earlier Thought Researchers at St. Michael’s Hospital in Toronto checked recycled paperwork at five coaching centers in Canada. Each of the five hospices had policies to account the secured removal of documents that contained Protected Health Information and separate recycling bins were provided for general paperwork and documents having confidential data. The latter was torn prior Read More

Lost Hard Drives from Chesapeake Regional Healthcare Reports PHI of 2,100 Patients

June 19, 2018

Apr 11, 2018   Chesapeake, Virginia based Chesapeake Regional Healthcare has informed that two hard drives having the protected health information (PHI) of roughly 2,100 patients are misplaced from their Chesapeake Regional Medical Center site at that location. The secret health information stored on the appliances in question pertains to patients who took part in research at its Sleep Center between April 2015 and February 2018. It is still not known precisely when the hard drives went missing. Chesapeake Regional Healthcare noticed that the appliances were not at their normal locations on February 6, 2018. An internal inquiry was kicked off, and a full search of the facility was carried out, but the appliances could not be regained. The lost Read More

Arc of Erie County New York Reports that 3,751 Patients’ PHI Was Disclosed on Internet in 30-Month Period

June 19, 2018

Apr 13, 2018   A supplier of person-centered facilities to people with developmental incapacities, The Arc of Erie County New York (The Arc), has informed that two spreadsheets listing the PHI of 3,751 patients were exposed to the public through the Internet without the requirement for verification for a period of longer than 30 months from July 2015 to February 2018. The two spreadsheets in question might be seen via the Internet by illegal people as a result of wrong coding on the website. The mistake meant that link printed on the website brought opinions to a page where the spreadsheets to be accessed by anybody who logged on. Those that experienced harm because of the breach, the majority of whom are developmentally Read More

Almost 14,000 Impacted by SAMBA Secrecy Breach

June 19, 2018

Apr 15, 2018   14,000 people are being alerted regarding a February 2018 breach of PHI at the Special Agents Mutual Benefit Association (SAMBA). The data breach impacts entitled family members of plan members who were protected by the Federal Workers Health Benefits Plan during 2017. It is an Internal Revenue Service (IRS) responsibility for SAMBA to send a copy of Form 1095-B to all plan associates every tax year. The form in question helps plan subscribers’ and protected family members’ compliance with the Affordable Care Act’s separate permission. The forms for the 2017 tax year were delivered on or soon after February 19, 2018; nevertheless, a programming error led to the forms being filled with information pertaining to other Read More

Electronic mail Account Breach Affects 4,000 Patients of Texas Health Resources

June 19, 2018

April 18, 2018   Texas Health Resources is sending notices to ‘fewer than 4,000 patients’ that a few of their PHI might have been seen by illegal people. The Arlington-based healthcare supplier, a supplier to more than 1.7 million patients in North Texas, states that the data breach might have occurred as early as October 2017, even though they did not detect it until January 17, 2018, when police alerted the health system to it. The breach undermined data that was included in electronic mail accounts that the hacker(s) might have been capable to access to for as long as three months. Law enforcement agencies demanded that there must be a delay in delivering breach notice letters, which would usually Read More

Many Staff Electronic mail Accounts Accessed in UnityPoint Health Phishing Attack

June 19, 2018

April 19, 2018   It has been found that the electronic mail accounts of numerous workers of UnityPoint Health have been undermined and accessed by illegal people. Access to the staff electronic mail accounts was first gained on November 1, 2017 and continued for a duration of three months until February 7, 2018, when the phishing attack was detected and access to the undermined electronic mail accounts was turned off. When the phishing attack was first detected, UnityPoint Health sought the facilities of a computer forensics company to evaluate the extent of the breach and the number of patients impacted. The analysis indicated a wide range of safeguarded health data had probably been obtained by the attackers, which contained names in Read More

Misconfigured Security Settings Result in 63,500 Middletown Medical Patients Having their PHI disclosed

June 19, 2018

April 21, 2018   A security setting that was not configured correctly on a radiology system has led to the patients’ Protected Health Information of tens of thousands of patients of Middletown Medical, a multi-specialty physicians’ group based in Middleton, NY, The breach was first noticed on January 29, 2018. On January 30 the interface was readjusted that any illegal people could no longer get patient information. The length of time that the information was accessible remains unclear. The organization has disclosed that only a limited number of patients’ Protected Health Information might have been downloaded by illegal people. Highly confidential information including Social Security details, financial data, and insurance information was not copied. The breach contained information such as names, birth Read More

Des Moines Crisis Observation Center Contacts HIPAA Due to Incorrect Distribution of Data

June 19, 2018

April 25, 2018     1,071 patients who were cured at the Des Moines Crisis Observation Center administered by Polk County Health Services Inc., have been communicated to instruct them that a few of their PHI has been “unintentionally and accidentally circulated” at some point in the last three and a half years. The breach was first known on February 14, 2018, even though the probe disclosed that information was first revealed on June 1, 2014 and continued until January 11, 2018. The variety of information revealed includes patients’ names together with admission dates, Medicaid ID numbers, home details, Social Security numbers, and specific discharge places. Through the Crisis Observation Center, Polk County Health Facilities supplies mental health treatment facilities for Read More

Manufacturer of Oxygen Equipment Reports Data Theft Occurrence Possibly Impacted 30,000

June 19, 2018

April 28, 2018   Inogen, a producer of moveable oxygen concentrators, has found that an illegal person has obtained the identifications of workers and has utilized them to access the staff member’s electronic mail account. Phishing and other identifications theft occurrences are usual in the healthcare industry, even though what makes this occurrence extraordinary is the number of people impacted by the attack. The compromised electronic mail account included the personal information of roughly 30,000 people who had earlier been supplied with oxygen supply appliances. The variety of information possibly seen and obtained by the hacker include name, Medicare ID number, sorts of equipment provided, date of death, date of birth, electronic mail address, address, telephone number, and health insurance Read More

Server Misconfiguration Leads to the Leakage of 42,000 Patients’ PHI

March 30, 2018

Thousands of sick persons of a NY medical practice had their PHI leaked online because of a misconfigured computer network. It’s presently unclear if anybody except the safety investigator who found that someone has retrieved the files. The computer network misconfiguration was known on January 25, 2018, by a director of cyber danger investigation at Upguard, Chris Vickery. In a March 26 weblog, Vickery described that he found an exposed port usually utilized for distant synchronization (rsync). Although access must have been restricted to particular whitelisted IP addresses, the port was misconfigured as well as permitted anybody to retrieve the data. All that was needed to retrieve the computer network was its IP address. Vickery found 2 pieces in the Read More

Danger Finding and Information Distribution in Healthcare Reinforced by NH-ISAC Association with Anomali

March 24, 2018

Anomali has associated with the National Health Information Sharing as well as Analysis Center (NH-ISAC) and also will be supplying danger information to healthcare companies via NH-ISAC. Anomali will supply the required infrastructure and tools to NH-ISAC to let its contributors co-operate and share danger information with other customers. Anomali will provide the latest danger information on current as well as new outer dangers explicit to the healthcare sector authorizing NH-ISAC associates to take proactive measures to alleviate the danger. Anomali’s prompt alerting system assists healthcare units to react to dangers quickly when cynical activity is noted on a structure. NH-ISAC contributors include hospitals, health underwriters, ambulatory providers, medical research centers, pharma companies, medical device manufacturers, and other healthcare sponsors. Read More

NH-ISAC Association with Anomali Increase Danger Detection and Data Distribution

March 24, 2018

The National Health Information Sharing and Analysis Center (NH-ISAC) as well as Anomali have started working jointly and will be offering danger information to healthcare centers via NH-ISAC. As a part of this association, Anomali will be assisting NH-ISAC with the needed infrastructure and tools to let its customers work jointly and share danger information with other contributors. Anomali will be generating the latest danger information on current and new external dangers particular to the healthcare sector available letting NH-ISAC associates work to reduce the danger. Anomali’s early alerting system implies that healthcare companies can act swiftly when doubtful activity is noticed on a system. Associates of the NH-ISAC include medical technology manufacturers, ambulatory providers, pharma groups, medical research facilities, Read More

2015 Email Breach might Had affected 1,049 Patients at RoxSan Drugstore

March 23, 2018

RoxSan Drugstore has contacted 1,049 patients to notify them that a few of their PHIs have been shared with a business partner through the unencrypted electronic mail. The warning letters were delivered to affected persons the previous month, even though the case occurred on January 20, 2015. In the latest press statement, Beverly Hills, CA-centered RoxSan summarized that affected persons are being warned in “as timely a method as conceivable”. The delay in dispatching notices was because of “the safeguarded type of the forensic analysis”. It’s not clear when RoxSan Drugstore became conscious of the fault. The PHI was enclosed in a data file which was dispatched to an individual – A business partner of the drugstore – who was Read More

Primary Health Care Informs Illegal Access to Several Electronic mail Accounts

March 22, 2018

Primary Health Care Inc., a no-profit system of community health organizations based in Des Moines, Marshalltown as well as Ames, IA, has discovered that malevolent actors have gotten access to the electronic mail accounts of 4 workers and have possibly seen or gained patients’ safeguarded health data. Primary Health Care issued a press statement as well as uploaded an alternate breach notification to its online portal on March 16, 2018, clarifying the breach happened on February 28, 2017. The breach was known the next day on March 1, 2017. Primary Health Care is in the procedure of warning affected patients and will be informing the case to the Division of Health and Human Services’ OCR. No description is given regarding why Read More

Triple-S Advantage Undergoes Severe Data Breach with 36k Members Affected

February 21, 2018

36,000 plan subscribers of Triple-S Advantage have faced a secrecy breach that has affected them. The breach was experienced by the Puerto Rico centered company when a mailing mistake which saw confidential information of plan subscribers dispatched to wrong receivers. The data that was revealed, because of the mailing error, was partial and didn’t include financial files or Social Security numbers; nevertheless, plan subscribers’ ID numbers were issued without permission together with names, treatment codes, and dates of service. The mailing mistake happened in November however, was not noticed by Triple-S before December 5, 2017. A wide-ranging review was started to conclude how the mistake happened and now measures have been taken to ensure that these types of mistakes don’t Read More

CarePlus Health Alerts 11,200 Contributors of PHI Breach

February 9, 2018

A secrecy case has been faced by Miami, Florida-centered CarePlus Health Policies where some plan contributors’ PHI were wrongly communicated to other plan contributors. Benefits statement descriptions were dispatched to its plan contributors on January 9 and January 16, 2018, though on January 17, CarePlus noted that a few of the reports had been dispatched to the wrong receivers. The Explanation of Benefits reports included particulars such as names, CarePlus health plan identities, CarePlus identification numbers, the services that had been supplied, providers of services, dates of service, and addresses. Extremely confidential data like financial information and Social Security numbers were not incorporated in the Explanation of Benefits reports. CarePlus hasn’t gotten any statements to indicate any of the revealed Read More

53,000 Dispensary Patients have Protected Health Information Disclosed in Electronic mail Hack

January 27, 2018

Patients of CareMed Specialty Pharmacy and Onco360 have been informed that the Protected Health Information of 53,173 sick persons has been undermined because of a phishing attack. A safety breach was found on November 14, 2017, when doubtful action involving an employee’s electronic mail account was found. After the detection third-party computer forensics specialists carried out a probe to decide the extent and manner of the breach. It was informed, on November 30 that the breach concerned the electronic mail accounts of 3 workers. An analysis of the electronic mails in those accounts exposed a few enclosed messages had the Protected Health Information of patients, which might have been retrieved and copied by the cyberpunk. The information possibly obtained contained health Read More

Unapproved Palomar Health Nurse Saw Medical Histories of More than 1,300 Patients

January 24, 2018

An ex nurse hired at Palomar Medical Center, Escondido saw, without approval, the medical histories of over 1,300 patients who were getting cure at the hospital. Those impacted are now informed of the breach. The breaches were experienced throughout a 15-month duration from February 10, 2016, to May 7, 2017. The access that wasn’t allowed was first noticed when access records were checked. The inspection disclosed a series of access that wasn’t usual for the work duties of a nurse. The inquiry indicated that the nurse viewed the histories of sick persons who had been allotted to her and people assigned to a different nurse within the same region. The happening looks to be an incident of prying, instead of data Read More

Compassion Care Hospital Cyber Attack Impacts 1,128 Customers

January 12, 2018

The PHI of 1,128 customers of Compassionate Care Hospital, Las Vegas (CCHLV) might have been retrieved by an illegal person. The individual in question accessed the company’s website might have seen the matter of the computer networks. Compassionate Care Hospital, Las Vegas found the infringement on Mits system on October 28, 2017. The computer network was retrieved by an illegal person. Compassionate Care Hospital, Las Vegas employed a company focusing on forensics to conduct a complete analysis to decide the type of the breach and to recognize all sick persons who were possibly affected. Although the analysis verified retrieval of data was probable, there was nothing to indicate that any confidential information was seen or thieved by the illegal person. Nevertheless, Read More

Jones Memorial Hospital Warns Patients of Continuing Cyberattack

December 31, 2017

Jones Memorial Hospital of the University of Rochester Medicine in New York is presently going through a cyberattack which has triggered unanticipated interruption. The onslaught is considered to have begun on last Wednesday and also has triggered interruption to a few of its information facilities. At the instant of writing, the type of the cyberattack is not clear and it has yet to be determined.  The cyberattack is restricted to Jones Memorial Hospital. No other sites have been affected. Although some systems are not available, Jones Memorial Hospital has confirmed on its site that the medical and financial information of its patients doesn’t seem to have been undermined. If the inquiry determines that there has been a breach of health data, Read More

24,000 Patients Affected due to Emory Healthcare Data Breach

December 31, 2017

Emory Healthcare (EHC) has found that an ex-employee got the PHI of many thousand EHC patients as well as transferred the files to an MS Office 365 OneDrive account, where it might possibly be accessed by other individuals. The ex-employee was a doctor at EHC, who is now employed at the University of Arizona College of Medicine. EHC states patient information was acquired without approval and without its information. EHC was warned to the event by the University of Arizona and got a listing of impacted people on October 18, 2017. The OneDrive account might only be retrieved by the doctor, other former EHC doctors now at UA, UA workforce who probed the event, and possibly a few of other Read More

Children’s Hospital Los Angeles Warns Parents of forbidden Disclosure of Kids’ PHI

December 30, 2017

Children’s Hospital Los Angeles is alerting parents of a secrecy breach which observed the protected health information (PHI) of children disclosed to wrong insurance payers. The secrecy breach was found on November 29, 2017, with notices dispatched to impacted patients on December 19. The forbidden disclosure of PHI incorporated names, dates of service, addresses, birth dates, medical record numbers, and descriptions of the facilities delivered. Upon detection of the secrecy breach, the insurance payers were communicated and ordered to erase the info. Suitable pledges have been gotten that the info has now been erased and the medical files of impacted patients have been renewed to contain correct payer information. No information has been received to indicate that any of the Read More

Phishing Attack on Colorado Mental Health Institute Brings PHI Disclosed

December 29, 2017

The Colorado Mental Health Institute at Pueblo has found that one of its workers has been a victim of a phishing cheat that possibly let the assailant access the PHI of as many as 650 sick persons. The Colorado Mental Health Institute at Pueblo is a 449-bed hospice offering inpatient treatment for patients. The hospice attends patients with undecided criminal allegations that need capability assessments, people found by the benches to be unable to proceed, and people found not responsible for criminalities because of stupidity. The phishing attack happened on November 1, 2017. The worker mistakably revealed login identifications that let the assailant gain entrance to a state-issued computer system. Illegal activity on the computer was noticed the next day Read More

Access to Dental Files Misplaced for 5 Days Because of Ransomware

December 29, 2017

A dental consultancy in Reno, NV has undergone a ransomware attack that stopped dental images and records from being retrieved for 5 days. Wager Evans Dental underwent the ransomware attack on October 30, 2017. The malevolent software was fitted on one computer as well as one server utilized by the consultancy. Ransomware can be fitted in many ways, even though most usually attack happen through electronic mail. That seems to be the situation with this attack, with the consultancy doubting ransomware was copied when a worker ticked on a malevolent hyperlink or electronic mail attachment. IT workforce and other specialists restored the encoded records and removed the ransomware within 5 days. Access to patient files and pictures was not reclaimed Read More

Texas and Pennsylvania Files Breaches Disclosed Over 5,000 Patients’ Protected Health Information

December 17, 2017

Midland Memorial Hospice in Texas, as well as Washington Health System Greene in Pennsylvania, have declared they have found patients’ PHI has been disclosed. Washington Health System Greene Learns Hard Drive Lost Washington Health System Greene is warning 4,145 patients that a few of their PHI have been disclosed following a hard drive was found to be lost. A moveable hard drive utilized with a bone densitometry device in the Radiology division was found to be disappeared on October 11, 2017. Even though it’s probable that the hard drive might have been lost, a hunt of the hospital didn’t find the hard drive, and the lost hard drive has been informed to the Pennsylvania State Police Department like a possible Read More

Illinois Doctors Association Learns Paper Files Lost from Storing Service

December 16, 2017

During the last 2 months, there were many data breaches informed by HIPAA-protected units involving the theft or loss of physical files. During November, 7 breaches involving paper files were informed to the OCR of HHS, and an additional 5 cases were informed the earlier month. Now one more case has been informed in Illinois. Franciscan Doctor Association of Illinois, as well as Subject Doctors of Illinois LLC, have found payment files which were preserved in a storing service are lost. The storing service in Chicago Heights was used by both doctor groups. The theft/loss of the physical files are among the biggest breaches of the last few months, possibly affecting about 22,000 patients. The payment files were from 2010 and Read More

UNC Health Care Breach Possibly Affects 24,000 Patients

December 13, 2017

A laptop utilized by UNC Dermatology & Skin Cancer Center in Chapel Hill, NC, has been stolen, disclosing the PHI of roughly 24,000 patients. The laptop was stolen by crooks during a robbery on October 8, 2017. UNC Health Treatment stated a file on the stolen laptop had the PHI of sick persons who had earlier paid a visit to the Burlington Dermatology Center. UNC Healthcare started the practice during September 2015, as well as particulars of sick persons who had paid a visit to the center for a cure before September 2015 were saved in the password-protected databank. As the databank needs a password to gain access to patient info, it’s probable that no PHI has been disclosed. Nevertheless, Read More

Hospital Worker Sacked for Accessing Medical Files Without Approval

December 8, 2017

Lowell General Hospital in MA has found the medical files of 769 patients have been retrieved by a worker without any genuine work reason for doing this. By retrieving the medical files, the worker violated hospital rules and breached the secrecy of patients. Upon detection of the breach, and conclusion of the succeeding inquiry, the worker was sacked. Lowell General Hospital contended that just one individual was involved and that this wasn’t a common issue at the hospice. Patients affected by the safety case have been informed and a breach notification has been put on the hospice website. Patients have been notified that the kinds of information retrieved by the former worker included names, medical diagnoses, dates of birth, as Read More

880 Patients Possibly Affected by Baptist Health Louisville Phishing Attack

December 8, 2017

Baptist Health in Louisville, Kentucky has alerted 880 patients that a few of their PHI have possibly been retrieved and thieved by hackers. The safety breach was found on October 3, 2017, when unusual activity was noticed on the electronic mail account of a worker. Baptist Health determined that a third-party transmitted a phishing electronic mail to the worker, who replied and revealed login identifications letting the electronic mail account to be retrieved. Those login identifications were then utilized by an unknown person to gain access the electronic mail account. The electronic mail account had the PHI of 880 patients, though it is not clear whether any of the electronic mails were seen. The purpose of the attack might not Read More

Protected Health Information of 28,000 Mental Health Patients Supposedly Thieved by Healthcare Worker

December 7, 2017

Center for Health Care Services (CHCS), a supplier of mental health cure and support facilities for people with developmental and intellectual incapacities, has found documents having the PHI of patients have been thieved by a former worker. Breach notice letters have been dispatched to 28,434 patients who got facilities at CHCS prior to the summer of 2016 notifying them of the breach. The breach was found on November 7, 2017, however, the data thievery happened over 17 months before. The former worker was fired on May 31, 2016, with the files copied onto a personal computer after the person was sacked, as per a latest CHCS press statement. The breach came to light in the course of discovery in a Read More

Medical Files from Pennsylvania Obs/Gyn Clinic Discovered at Community Reprocessing Place

December 6, 2017

Paper records having names, medical histories, and Social Security numbers, containing particulars of cancer analyses and sexually transferred illnesses, have been discarded at a recycling place in Pennsylvania. The records seem to have originated from Women’s Health Consultants, a gynecology and obstetrics practice which had facilities in Hanover Township and South Whitehall Township, PA. How the files were discarded at the recycling facility is not known since the container where the files were disposed of wasn’t covered by reconnaissance cameras. The facility does have a sealed reprocessing container where confidential papers having private information can be placed securely, however that container was not utilized. The files were discarded in a container where they might be retrieved by illegal persons. The Read More

UAB Medicine Warns 652 Patients of PHI Disclosure

December 3, 2017

A breach of patients’ protected health information (PHI) has been faced by the University of Alabama at Birmingham Medicine Viral Hepatitis Clinic. The University of Alabama at Birmingham utilizes flash drives to transmit files from its Fibroscan device to a CPU. Two flash drives were found to be lost on October 25, 2017. The moveable storing appliances had a partial amount of PHI of 652 sick persons. Information saved on the appliances included first and last names, names of referring physician, gender, medical diagnosis, birth dates, images and numbers pertaining to test results, and the dates and times of the test. UAB Medicine has verified that no financial information, Social Security numbers, addresses, insurance details, or phone numbers were saved Read More

Private Data of New York Pharmacy Clients Disclosed in Incorrect Removal Event

December 2, 2017

ShopRite Supermarkets, Inc., has declared that a few of its drugstore clients have been affected by a safety breach concerning the incorrect removal of a device utilized to take clients’ initials. The appliance was utilized at the ShopRite, NY location from 2005 to 2015 and saved medical and personal information. Clients who went to the drug store and had prescriptions filed from 2005 to 2015 have possibly been affected by the event. For those clients, the appliance saved information like names, prescription numbers, phone numbers, dates and times of delivery or pickup, medication names, zip codes, and customers’ initials. The appliance was also utilized for clients who purchased an over-the-counter item having pseudoephedrine. Those clients have had their zip code, Read More

7,000 Patients Affected by Blackmail Effort on Sports Medication Supplier

November 30, 2017

Massachusetts-based Sports Medicine and Rehabilitation Therapy (SMART) has warned 7,000 patients to a breach of their PHI. Possibly, the breach affected all sick persons whose information was noted in an official visit to a SMART facility before December 31, 2016. The breach, which happened during September 2017, was a blackmail effort. Cyberpunks accessed SMART systems, supposedly thieved files, and required a redemption payment to avoid the data from being announced online. No hint was given in the breach notification letters to indicate the money was paid, even though SMART has notified its sick persons that there’s “no logic to suppose that the files have been or will be utilized for more evil intentions.” The issue has been probed by the Read More

Second Decoded Laptop Computer Thieved from Rocky Mountain Medical Care Facilities

November 23, 2017

Rocky Mountain Medical Care Facilities has found that a decoded laptop computer has been thieved from one of its workers. This is the second incident of this type to be uncovered during three months. The latest case was detected on September 28. The laptop was found to have the PHI of a limited quantity of patients. The kinds of information saved on the laptop contained first and last names, dates of birth, addresses, Medicare numbers, health insurance info, and partial treatment info. The case has been reported to police and patients affected by the case have been alerted by post. Rocky Mountain Medical Care Facilities, which also works as Rocky Mountain PACE, HealthRide, and Rocky Mountain Alternatives for Long Time Read More

Doubted Phishing Attack on UPMC Susquehanna Discloses 1,200 Patients’ PHI

November 22, 2017

UPMC Susquehanna, a group of medical centers and hospitals in Muncy. Pennsylvania and Williamsport, Wellsboro, has declared that the PHI of 1,200 patients has possibly been retrieved by illegal people. Access to PHI is thought to have been gained when a worker replied to a phishing electronic mail. Although particulars of the breach date have not been announced, UPMC Susquehanna states it found the breach on September 21, when a worker informed doubtful activity on his computer system. An inquiry was started, which disclosed illegal people had gained access to that person’s appliance. It’s unknown whether the assailant saw, thieved, or abused any patient information, however, the probability of data access as well as abuse could not be precluded. The Read More

Cartons of Medical Files Thieved from New Jersey Health Practice

November 19, 2017

Otolaryngology Partners of Central Jersey is warning patients to a breach of their PHI, after a theft at an off-site storing service in East Brunswick, NJ. The robbers took 13 cartons of paper medical files from the service, which contained information like names, health insurance account numbers, addresses, dates of military service, birth dates, and the names of curing doctors. A limited quantity of Social Security numbers and driver’s license numbers were also in the thieved files. The theft was swiftly identified and police were informed. An internal inquiry was started, and measures were taken to decrease the possibility of similar breaches taking place in the time to come. The medical files were being saved as per federal and state Read More

Florida Blue Data Breach affects 939 People

November 19, 2017

Blue Cross and Blue Shield of Florida, doing business as Florida Blue, has declared that the PII of a restricted quantity of insurance contenders has been disclosed online. Florida Blue was warned to the disclosure of patient files in late August and instantly started an inquiry. Florida Blue informs that the inquiry disclosed 475 insurance requests had been supported up to the cloud by an unassociated insurance representative, Real-Time Health Quotes (RTHQ). The files backup contained agency records and copies of dental, health, and life insurance requests from 2009 to 2014. Those records were left exposed because an unsafe cloud server was utilized to save the backup records. As a result, those records might have been retrieved by the public Read More

Cook County Health and Hospices Organization Patients Affected by Experian Health Breach

November 12, 2017

Cook County Health and Hospices Organization, a health organization consisting of two hospices and over a dozen community health facilities in Illinois, has warned patients to a breach of their PHI. The breach happened at Experian Health, a BA of Cook County Health and Hospices Organization. Experian Health is hired to decide insurance entitlement and the partial patient information is disclosed to the BA for this goal. The breach happened in March 2017 in the course of an update of a computer system of Experian Health. The PHI of 727 patients was inadvertently transmitted to other healthcare organizations. The PHI disclosed was limited and didn’t contain the kinds of information required by cybercriminals to carry out identity thievery. Because of Read More

Long-standing Malware Contamination Found by CCDA

November 11, 2017

In August, when Catholic Charities of the Diocese of Albany (CCDA) was carrying out an update of its computer safety software, a malware was found to have been fixed on one of the computer networks utilized by its Glens Falls branch, which helped patients in Warren, Saratoga and Washington Regions in New York. Swift action was taken to obstruct access to the computer network and CCDA summoned a computer safety business to carry out a probe into the illegal access. The inquiry, which took many weeks to finish, disclosed that access to the computer network possibly happened in 2015. Although access to the computer network was possible and a malevolent program had been fitted, the inquiry didn’t find proof to Read More

TJ Samson Community Hospice Finds Wrong Retrieving of 683 Patients’ PHI

November 6, 2017

An autonomous care supplier who supplies treatment to patients of TJ Samson Community Hospice in South Central KY has been found to have wrongly retrieved the PHI of 683 sick persons of TJ Samson Community Hospital in KY and the TJ Health Columbia Health center. The wrong access was found during a usual audit of PHI access records on August 25, 2017. The following inquiry disclosed two people from the healthcare supplier’s office had retrieved the PHI of patients, without any genuine work reason for doing this. Access to patients Protected Health Information is required by independent healthcare suppliers to carry out their work tasks, even though in this instance, the Protected Health Information of patients was retrieved although the Read More

Lawnmower Engine Producer Informs HIPAA Breach

November 3, 2017

Briggs Stratton Corporation, a producer of lawnmower engines, might not seem to be a HIPAA protected unit because the company isn’t in the healthcare business and doesn’t provide facilities to healthcare companies as a BA. Nevertheless, the business is needed to abide by HIPAA Laws. When the business experienced a possible breach of worker information, the occurrence was a reportable safety breach, OCR needed notice, and notice letters had to be delivered to its workers. Simply because a company doesn’t operate in the healthcare business doesn’t mean that HIPAA doesn’t apply. Briggs Stratton was needed to abide by HIPAA Laws because of its self-insured group health scheme. Companies and health plan underwriters are needed to make sure that HIPAA plans Read More

8,000 Patients Informed of PHI Disclosure After Office Robbery

November 1, 2017

A partial amount of protected health information (PHI) of nearly 8,000 patients of Brevard Doctor Companions has been revealed after a desktop computer was lifted in a robbery. The case happened on September 4, 2017 – Labor Day – when the workplaces were shut. In the early morning, robbers entered in illegally and stole 3 desktop computer systems. The robbery activated the alarm system and law enforcement agency reacted to the case, even though not in time to arrest the crooks. A forensic investigation of the office was carried out, even though so far the people responsible haven’t been captured and the computers not regained. Two of the computer systems didn’t contain any PHI, however, the 3rd computer had 5 Read More

932 Texas Kids’ Health Plan Members’ Protected Health Information Sent by e-mail to Private Account by Worker

October 30, 2017

The PHI of 932 associates of the Texas Kids’ Health Plan has been found to have been sent by e-mail to the private electronic mail account of a former worker. The case was detected on September 21, 2017, even though the former worker emailed the files late last year between November and December 2016. The electronic mails were detected during a usual check. Texas Kids’ Health Plan reacted to the breach quickly and has taken action to alleviate the danger. The health insurance scheme has also applied additional protections to avoid similar events from happening in the time to come and workers have been re-trained on HIPAA Laws and hospice policies. Although the reason for the Protected Health Information being Read More

Data Breach Underlines Threat of Utilizing USB Drives to Save PHI

October 28, 2017

The Man-Grandstaff VA Health Complex in Spokane, Washington has found 2 USB drives having the PHI of nearly 2,000 old-timers have been stolen. The two appliances were used to save data from a separate, non-networked server which was being taken out. Among the appliances was the master drive utilized to shift Anesthesia Record Keeper database of the medical center to its virtual archive server. As per a statement released by the medical center, that displacement had happened in January. It’s not clear why the database was on the drive even now. The appliances were stolen on July 18, 2017, from a bonded worker when on a service call to a VA hospital in Oklahoma. Man-Grandstaff VA Health Complex was unable Read More

RiverMend Health Electronic mail Breach Affects 1300 Patients

October 22, 2017

Augusta, Georgia-based RiverMend Health, a supplier of field behavioral health facilities including facilities for alcohol and drug dependence, has found that an illegal person has accessed the electronic mail account of its employee. The illegal access was noticed on August 10, 2017, as soon as doubtful electronic mails were found being sent from the worker’s account. The doubtful electronic mail activity was probed and entrance to the account was obstructed on August 11, 2017. The inquiry showed the entrance to the account was first achieved 2 weeks earlier on July 27. All through the 2 weeks that the electronic mail account was available, it’s probable that the worker’s electronic mails were retrieved by the assailant. Those electronic mails had a Read More

Thievery of not Encrypted Laptop Possibly Leads to PHI Revelation

October 20, 2017

A not encrypted laptop has been thieved from the car of an employee of Bassett Family Practice in VA, possibly guiding to the revelation of patients’ PHI. The thievery is believed to have happened during the weekend of 12/13 August. Patients were alerted to the revelation of their files on October 13, 2017. The postponement in delivering notices was because of the time taken to regain the missing records from backups as well as to analyze those records to decide which patients had been impacted and the kinds of PHI saved on the laptop. The laptop was found to have some information concerning patients’ calls to the practice, together with their names, account number, date of birth, and their insurance Read More

8,362 Patients Possibly Affected by Advanced Spine & Pain Center Breach

October 19, 2017

The San Antonio, Advanced Spine and Pain Center (ASPC) alerted patients to a possible breach and illegal use of their PHI. Possibly, up to 8,362 sick persons have been impacted by the case. ASPC became conscious of a possible breach of ePHI on 07/31/2017 when some patients informed receiving a phone call demanding payment for an unpaid bill was needed. An inquiry was started to decide whether ASPC systems had been penetrated. That inquiry discovered illegal people had accessed to an ASPC server. Illegal access happened although extensive defenses had been set up, including network filtering, firewalls, password safety, security checking, and antivirus software. Although illegal access was verified, it was not clear whether any confidential information was retrieved by Read More

Protected Health Information of 10,500 Patients of an Illinois Psychoanalyst Disclosed

October 14, 2017

The medical records of over 10K patients of a Naperville, IL-centered psychoanalyst – Dr. Riaz Baber have been found in the underground room of a property by the lady who leased the house from Dr. Riaz Baber. The records had been stowed in the underground room for no less than four years. The lessee, Barbara Jarvis-Neavins, was supposedly delivered a key to the underground room by the psychoanalyst’s spouse as access was needed when workmen had to go to the property. She was informed that she had to go along with workmen when they required access. Jarvis-Neavins stated she desired to inform the existence of the records – and that she might access the storing area – however, believed that Read More

47GB of Health Files and Test Scores Found in Unsafe Amazon S3 Vessel

October 13, 2017

Scientists at Kromtech Security have found one more unsafe Amazon S3 vessel utilized by a HIPAA-protected unit. The unsafe Amazon S3 vessel had 47.5GB of health files pertaining to about 150,000 patients. The health records in the files had blood test scores, doctor’s names, case administration notes, as well as the private info of patients, including their names, contact phone numbers, and addresses. The scientists said several of the stowed records were PDF files, having info on several patients that were going through weekly blood tests. Altogether, roughly 316,000 PDF files could be accessed easily. The checks had been carried out in patient’s houses, as requested by doctors, by Patient Home Monitoring Corporation. Kromtech scientists said the files might be Read More

Healthcare Phishing Attack Possibly Affects 16,500 Patients

October 12, 2017

Phishing is perhaps the main data safety threat confronted by healthcare companies. The last few weeks have seen many attacks informed by healthcare companies, with the newest healthcare phishing attack among the most severe, having impacted up to or equal to 16,562 patients. Chase Brexton Health Care informs that the attack happened on August 2 and August 3, 2017, when several phishing electronic mails were transported to the inboxes of its workers. Phishing attacks usually take the shape of fake invoices and false package delivery notices, even though these emails were supposed to be reviews. After workers completed the reviews they were needed to insert their login info. Four workers fell for the trick and disclosed their user account identifications. Read More

Texas Patients Now Apprised of 2015 CoPilot Data Breach

October 6, 2017

Patients of a Texas orthopedic clinic are now finding out that a few of their PHI was disclosed in a 2015 CoPilot data breach. During October 2015, a site supported by CoPilot Provider Support Services was accessed by an illegal person. That person gained entrance to, as well as downloaded, the PHI of over 220,000 patients. The site was utilized by providers to find out whether 2 medicines – MONOVISC® and ORTHOVISC®– were protected by the patients’ health cover. CoPilot learned its website had been infringed on December 23, 2015, and started an inquiry. The person who retrieved the data was known and the problem was informed to police. No info was thought to have been available to the general public. Read More

13,000 Patients Possibly Affected by Mercy Health Love County Hospice Breach

October 2, 2017

A Mercy Health Love County Hospice breach has possibly affected over 13,000 patients in Oklahoma. On June 23, 2017, the hospice learned a worker had stolen a laptop computer as well as paper files from a storing unit utilized by the hospice. As per the breach notice released by Mercy Health, the files of 10 patients were taken from the storing unit together with the laptop. The thievery of PHI was primarily probed by the Love County Sheriff’s Office. That probe disclosed the former worker had utilized the stolen info to illegally get credit cards in the patients’ names. Another person is also assumed to have been implicated. Although Mercy Health had up to 60 days to inform patients of Read More

PeaceHealth Worker Accessed Medical Files Without Approval for Nearly 6 Years

October 1, 2017

PeaceHealth, centered in Vancouver, WA, has found one of its former workers had retrieved the medical files of nearly 2,000 of its sick persons without any genuine work reason for doing this. PeaceHealth found the illegal access on August 9, 2017, causing an inquiry. PeaceHealth concluded the illegal access began in November 2011 and carried on until July 2017. The inquiry proved financial information and Social Security numbers were not retrieved by the worker, even though patient names, admission, and discharge dates, medical diagnoses, medical record numbers, and progress notes were all seen. Because of the nature of info which was retrieved, and the outcomes of the internal inquiry, PeaceHealth doesn’t believe any patients affected by the breach are in Read More

1 2