Misdirecting e-mail with PHI is bad. Misdirecting it to a reporter, well, that’s just begging for bad press. Carolyn Y. Johnson reports: The first e-mail came at the end of June. It was from a doctor’s office in another state—a large cardiology group. The note listed the name of a test. It listed the full…
Month: August 2013
Huntington’s Disease Society of America notifies employees and donors of possible compromise of their information
On May 3, an intruder compromised the web mail account of an HDSA executive. The purpose was likely to facilitate a fraudulent wire transfer from HDSA’s bank account, as the transfer could only occur if an email sent to the executive’s account was approved. The attempt failed, as the executive discovered the compromise on May…
Retinal Consultants Medical Group notifies patients after laptop with PHI was stolen from their office
On June 7, Vitreo-Retinal Medical Group, Inc. (dba Retinal Consultants Medical Group) discovered that a laptop computer which was a component of a diagnostic imaging machine, was stolen sometime after the office closed on June 5. The laptop contained unsecured PHI including patient names, dates of birth, gender, race, and OCT (optical coherence tomography) images. In…
Details emerge on Medtronic breach
More details have emerged on the Medtronic breach noted previously on this blog. Christopher Snowbeck reports: In early July, the manufacturer notified patients about a box of training records that had gone missing from a facility in Minnesota, Resman said. Most of the documents and records in the box dated back to 2008 and were…
Dealing with a health data breach: Six safeguard trends
Over on HealthITSecurity.com, Patrick Ouellette has an article on data breach response trends. You can read it here.
Security breach at Opscode as attackers download databases
Iain Thomson reports: Opscode, the commercial side of the open source Chef configuration management tool beloved by Google, Facebook, and IBM, has warned customers that a flaw in an unnamed third-party application has left its wiki and ticketing system pwned. “The attacker gained escalated privileges and downloaded the user database for the wiki and ticketing…