Several medical groups in Massachusetts were notified by their hosting service, Clearpoint Design, Inc., that a dedicated server on Hosting.com was hacked on October 18, 2012. The practices affected were South Shore Medical Center, who notified 4,100 patients, Harbor Medical Associates, P.C., who notified 4,343 patients, and Child & Family Psychological Services, Inc., who notified 7,250 patients….
Author: Dissent
Central London Community Healthcare NHS Trust's appeal of ICO's breach penalty dismissed
Back in May, I noted that the Information Commissioner’s Office in the U.K. had issued a fine of £90,000 to Central London Community Healthcare NHS Trust after the trust had misdirected faxes containing sensitive information on 45 occasions during the previous year. The trust immediately announced it planned to appeal. Today, Robin Hopkins of Panopticon reports that the…
Patient data – and lives – at risk from security vulnerabilities
Hacks involving medical systems and databases scare me. The potential for malicious harm is huge. Despite the fact that we’ve known about the risks since the 1983 hack of Sloan-Kettering, and despite the fact that we received some troubling reminders recently with demonstrations involving pacemakers or insulin pumps, the healthcare sector still lags behind the…
Genesco may sue credit card companies over fines for 2010 data breach
In December 2010, Genesco, the parent company of United States Journeys, Journeys Kidz, Shi by Journeys, Johnston & Murphy, and Underground Station, disclosed its network had been compromised by malware and that it had first learned of the compromise from payment processors. Fast forward two years, and Genesco may be suing American Express, MasterCard and Visa for $15.6 million, according…
6,000 patients to be notified after UDOH contractor loses drive with unencrypted PHI
The Utah Department of Health reported another breach today. This time, blame an employee of their contractor, Goold Health Systems, who violated policy by transferring PHI to an unencrypted USB drive which was lost during travel. The drive contained about 6,000 patients’ names, Medicaid numbers, ages, and recent prescription history.
EU ministers to consider ‘two-strikes’ rule for data breaches
Jennifer Baker reports: European Union justice ministers will consider a “two-strikes” rule for data breaches. The Irish Presidency of the European Council published a paper on the protection of citizens’ personal data that will be discussed at Justice and Home Affairs Council in Dublin on January 17 and 18. The paper asks European justice ministers…