Media reports yesterday suggested that Gmail login data for 5 million accounts had been leaked online, but there was no evidence that Google itself had been hacked. Here is Google’s statement in response to the incident: One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the…
Month: September 2014
Security lapse by Diamond Computing exposed Diatherix patients' information on the Internet for 22 months
Diatherix Laboratories in Alabama posted this notice on their site about a breach involving Diamond Computing Company: On August 7, 2014, the Compliance Officer of Diatherix Laboratories, Inc. notified 7,016 individuals across the United States that their protected health information (PHI) may have been accessed in connection with a security lapse. Background Information Diatherix provides clinical laboratory testing…
Central Utah Clinic reports server containing 31,677 patients' information was breached in 2012
On August 7, Central Utah Clinic, P.C. posted a breach notification on their web site: PUBLIC NOTICE: Potential Central Utah Clinic HIPAA Breach PROVO, Utah. (Aug. 7, 2014) — Central Utah Clinic is committed to the protection of patient privacy and is notifying 31,677 patients, by letter, of a potential personal health information breach. On…
Administrative law judge denies LabMD's motion to sanction FTC
As I noted on August 28, the FTC had responded (pdf) to LabMD’s motion for sanctions (pdf) in FTC v. LabMD. On September 5, Administrative Law Judge Chappell denied LabMD’s motion. After summarizing the allegations and the FTC’s response, Judge Chappell writes: To support its Motion, Respondent asserts as fact numerous matters that are disputed by Complaint Counsel….
NY: Port Jefferson parents get wrong exam scores
Schools re-opened on Long Island right after Labor Day, and look, we already have a privacy breach. Elana Glowatz reports: Port Jefferson school district Superintendent Ken Bossert assured the community on Tuesday that an error that sent state test scores to the wrong households was a one-time occurrence. Many middle school parents visited the district…
OCR: Be prepared for HIPAA audits
Tom Sullivan writes: When the Office for Civil Rights knocks on your door, asking about HIPAA compliance, it pays to be ready. And OCR is looking to audit providers ranging from large to small, and across a wide geographical distribution. That’s according to OCR’s senior advisor for health information privacy Linda Sanches. Speaking at the HIMSS Media…