Excellus Health Plan, Inc. has agreed to pay $5.1 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach…
Category: Health Data
Co: Pitkin County COVID-19 case investigations inadvertently exposed online
PITKIN COUNTY, Colo., Jan. 14, 2021 /PRNewswire/ — Pitkin County learned of an incident that may affect the privacy of certain information and is providing notice so that affected individuals may take steps to better protect their personal information, should they feel it is appropriate to do so. To date, Pitkin County has seen no evidence that any personal information…
M.D. Anderson’s $4.3 Million Fine for Patient Data Loss Vacated
This is huge. Mary Anne Pazanowski reports: The University of Texas’s M.D. Anderson Cancer Center dodged a $4.3 million fine for losing over 35,000 people’s protected health information after the Fifth Circuit ruled Thursday that HHS acted arbitrarily and capriciously in finding that the provider violated two information security regulations. You can read more on…
Unauthorized access of Stormont Vail’s internal vaccine scheduling site
Sarah Motter reports: TOPEKA, Kan. (WIBW) – News today from Stormont Vail CEO Dr. Robert Kenagy that their internal vaccine scheduling website was shared outside of their health system. Dr. Kenagy said that it appears as though an employee(s) shared the online vaccine scheduling program with people outside of Stormont Vail. In an email to…
Data, Privacy, Pandemic: India just had the Biggest Medical Records Breach Ever
Oommen C. Kurian writes: Public debate this week has been dominated by how WhatsApp compromises personal data and privacy, and the pros and cons of its competitors. On 5 January, there was a story on a technology portal about how details of COVID-19 test results of tens of thousands of patients were leaked on the net through…
Jefferson Healthcare hit by ‘phishing’ cyber attack
Brian Kelley reports: The personal information of roughly 2,550 people was compromised by a “phishing” attack on the email account of an employee at Jefferson Healthcare, the organization announced Monday. The information stolen may have included the full names of individuals, as well as their dates of birth, phone numbers, home addresses, and health insurance…