To his credit, Dave Kennedy tried to analyze breaches based on Privacy Rights Clearinghouse data. PRC’s database begins with 2005 breaches and allows interested individuals to sort by year, breach type, and sector. After pulling out the numbers for 2010 and 2011 to compare to previous years, Kennedy reports that healthcare was/is the most breached…
Category: Health Data
Senator Franken considering legislation to encourage (but not require?) encryption for healthcare and OMR providers
Coverage by Diana Bartz of Reuter’s from today’s Senate subcommittee hearing on protecting health information privacy in a digital world: […] “We know from the statistics on breaches that have occurred since the notification provisions went into effect in 2009 that the healthcare industry appears to be rarely encrypting data,” according to written testimony by Deven…
Three months after tapes are reported missing, ValueOptions notifies National Elevator Industry subscribers (updated)
I just read a notification to the New Hampshire Attorney General’s Office that is both thorough in its description of the event and steps taken, but also needlessly increased the risk to those affected. In a letter dated October 28, ValueOptions, Inc. described how a container of tapes containing unencrypted data went missing after being…
SC: Confidential Patient Information Found on Hard Drive
Ouch. Jeff Brush reports: Officials at Behavioral Health Services of Pickens County are trying to figure out exactly how a computer hard drive with confidential patient information made it outside the facility. John Schafer, of Easley, a retired elevator repairman who fixes computers as a hobby, made a shocking discovery recently when he installed a…
(update) 'No identity theft in Tallaght data breach'
Niall Hunter reports: The Data Protection Commissioner has said no evidence has emerged of patient identity theft or the selling of patient data taking place as a result of a major medical data breach at Dublin’s Tallaght Hospital. During the summer, the Commissioner started investigating a major data protection breach arising in relation to the…
Breach in online payment system for Lawrence Memorial Hospital exposed up to 10,000 patients’ credit card or checking information
A public notice issued by Lawrence Memorial Hospital in Lawrence, Kansas that appeared on 6News (but not, apparently, on the hospital’s web site yet): On October 28, 2011, Lawrence Memorial Hospital learned that certain information maintained by Mid Continent Credit Services, Inc., d/b/a Blue Sky Credit, the hospital’s vendor for online patient bill-pay services, was inadvertently…