On January 24, I posted a breach notification from PIH Health with a commentary on how long it took from the time of the phishing attack to notification of almost 200,000 potentially affected patients. There was nothing in their notification, however, that suggested that patients had actually had their protected health information stolen or misused….
Category: Health Data
Endeavor Energy Resources notifies employees and dependents after employee fell prey to phishing attack
Statement from Endeavor Energy Resources (via MRT): “Endeavor Energy Resources, L.P. (“Endeavor”), an oil and gas exploration and production company, discovered on Jan. 14 that earlier that day an unauthorized party, through a phishing scam, possibly gained access to unsecured protected health information stored in the corporate, Office 365 account of an Endeavor employee. After…
Personal health information of nearly 2,900 Queen’s patients sent to wrong email address
The Star Advertiser reports: An employee sent an email containing personal health information for 2,852 patients of The Queen’s Medical Center and Queen’s North Hawaii Community Hospital to the wrong address on Feb. 3, Queen’s officials announced today. No Social Security numbers or financial account information was included, so patients’ financial security is not at…
Ste-Justine hospital employee fired after patient files consulted without authorization
Canadian Press reports: An employee of Ste-Justine hospital was fired after she consulted “without justification” the medical files of 344 patients, some of them employees, the hospital announced on Friday. The hospital said it had also filed a complaint with police against the ex-employee, who worked in one of its clinics. Read more on Montreal…
CA: VibrantCare Rehabilitation notifies patients after employee email account compromised
VibrantCare Rehabilitation in California recently notified 1,655 patients after an employee’s email account was accessed. They notified HHS on February 8 and posted this notice on their website: ABOUT THE INCIDENT VibrantCare Rehabilitation, Inc. (“VibrantCare”) is providing notice to individuals of an incident that may have affected the security of some information relating to certain…
United Regional sends letters to patients about information breach
News6 in Texas reports that United Regional Health Care System has disclosed an incident that occurred last July when someone accessed an employee email account. It was only in December that they first confirmed that patient information could have been accessed in the email account, even though there was no direct evidence that it had…