As an update to previous coverage on the Henry Ford Health System breach involving a stolen laptop containing unencrypted PHI: 1. The breach affected 3,700 patients according to the hospital’s notification to HHS under the breach notification requirement of HITECH. 2. The hospital posted a notice to its web site on Nov. 19: Henry Ford…
Category: Health Data
FTC Approves Final Order Settling Charges that Rite Aid Failed to Protect Medical and Financial Privacy of Customers and Employees
Following a public comment period, the Federal Trade Commission has approved a final order settling charges against Rite Aid Corporation, and sent letters to members of the public who submitted comments on the order. The FTC charged that the company failed to protect the sensitive financial and medical information of its customers and employees. The…
UK: Computer hacker controlled victims' webcams from mother's front room
A computer hacker accessed highly personal data and controlled victims’ webcams as part of a sophisticated email scam carried out from his mother’s front room. Matthew Anderson, 33, was a key member of an international gang, abusing his skills as a computer security expert to target businesses and individuals with spam containing hidden viruses, a…
Ex-Macon hospital worker accused of accessing patient information
Phillip Ramati reports: Macon police are investigating a former employee of Coliseum Hospital accused of entering a secure area and accessing patient information, according to a report. According to the report, investigators are looking into a former employee at the hospital who was there Thursday afternoon for a nurse’s birthday party. While there, the former…
(update and correction) North Carolina Baptist Hospital/Wake Forest University Baptist Medical Center breach
Back in March, I noted that HHS had added a breach report to their web site from North Carolina Baptist Hospital. At the time, the only information I had was from the HHS log showing that the PHI of 554 individuals was involved in the theft of paper records on February 15 and I did…
California serious about unauthorized employee access to patient data
The California Dept. of Public Health has just fined seven more entities whose employees improperly accessed patient data. You can read the summaries on the companion blog at It’s great that the state is fining them, but one wonders why HHS/OCR are not also fining entities for these types of breaches or even worse…