DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Breaking up is hard to do, part 2: The vendor strikes back

Posted on January 5, 2013 by Dissent

Today’s Los Angeles Times covers a situation I discussed  yesterday involving Kaiser Permanente and Surefile Filing Systems*. Because Chad Terhune’s report involves statements by Stephan Dean, owner of Surefile, some of its details may appear to contradict what I reported yesterday.  In actuality, the “he said – they said” nature of the reporting simply emphasizes how serious this case is from the perspective of whether patient information was, and is, protected.

As just one example, Kaiser denied that any PHI in e-mails retained by Dean or the spreadsheets created by Dean contained sensitive information, yet the L.A. Times reports – based on Dean’s statements to them – that “Until this week, the Deans also had emails from Kaiser and other files listing thousands of patients’ names, Social Security numbers, dates of birth and treatment information stored on their home computers. Later in the report, Terhune notes:

Dean said Kaiser showed little concern for patient privacy in handling those requests. Only one out of more than 600 emails from Kaiser was password-protected with encryption, he said. Many medical providers use such technology so information isn’t visible to others.

“Every one of these records is somebody’s life,” Dean said recently, scrolling quickly through what he said was Kaiser information on his computer screen. “We could have sold these emails to somebody in Nigeria, but Kaiser doesn’t care about its patients’ information.”

Kaiser said that government rules don’t require encryption and that “our vendors are contractually required to maintain secure environments for all records, and this includes Sure File.”

Kaiser is correct as far as their statement goes, and if there was a BAA in effect, then Dean is mistaken in claiming that he could have sold those records.

But more to the point: someone is flat-out lying about what information and records Dean did not return nor destroy and the extent to which they were secured consistent with HIPAA’s Security Rule.

California and HHS need to get to the truth and take appropriate action. And the judge overseeing the case in Superior Court Riverside, in Indio, should order Dean to turn over all computers containing any electronic information to be preserved and protected by the court.

* Some reports call the company Sure File Filing Systems, but court records refer to them as Surefile Filing Systems

 

Category: Health Data

Post navigation

← 29 Romanian Sites hacked on a shared hosting
claim only: Anonymous Hacked, Data leaked from Anonops.com by @ThisIsGame0ver →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.