For those of you who haven’t caught on that I have a slew of other breach reports over on PHIprivacy.net, I thought I’d give you a pointer to a really horrific breach I’ve been covering over there this week. It involves 11,000 patients’ data (yes, including SSN and DOB) winding up on a torrent site and being available for download for years… and then the breached entity not really fully disclosing the breach to affected patients nor offering them any real services or help.
If you want to follow the story chronologically, start here and then read this.
And if you think things can’t get any more disappointing or infuriating, then read how the covered entity is threatening the guy who discovered the breach and reported it in “Shooting the Messenger is Not an Effective Incident Response Strategy.”