Some breaches dribble out over time, especially when they involve a business associate. This time, it’s Magellan Healthcare, Inc. On September 17, Magellan Healthcare, Inc. notified HHS after an employee of Magellan Rx Management fell prey to a phishing attack in May that was discovered July 5. Analysis of the contents of the employee’s email…
Category: Health Data
Loudoun Medical Group D/B/A Comprehensive Sleep Care Center notifies patients after employee email account compromise
Loudoun Medical Group d/b/a Comprehensive Sleep Care Center (CSCC) in Virginia issued a press release yesterday. According to their timeline, on or around June 19, they became aware of unusual activity in an employee’s email account. Their investigation subsequently determined that unauthorized access to the one account occurred between June 15 and June 19. The…
IvyRehab reports data security breach after employee email accounts compromised
Update: This incident was subsequently reported to HHS as affecting 125,000 patients. Lee News reports: BLOOMINGTON — Ivy Rehab Physical Therapy, which has locations in Bloomington, Decatur and Clinton, has reported a data security breach and offering free credit monitoring to concerned patients. […] In May, the company discovered some employee email accounts may have…
OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
OCR has announced another settlement. This one involves Sentara Hospitals, and it’s a somewhat surprising one in the sense that Sentara not only seems to have gotten the fundamentals of HIPAA and notification compliance wrong, but then they seem to have insisted in their wrongheaded ways even after HHS told them what their obligations were. …
PA: UPMC Susquehanna admits employee snooped in co-worker’s medical records
John Beauge reports: UMPC Susquehanna admits that one of its employees improperly looked at the protected health information of a co-worker who had missed work following a brutal assault. The admission is contained in a letter attached to the Lycoming County court complaint of Taylor Fausnaught, who is suing the health system and employee Tasha…
NE: Great Plains Health hit by ransomware
NBC reports: According to Great Plains Health officials, around 7 p.m. Monday, ransomware was detected in the Great Plains Health computer network. The hospital’s information systems team immediately identified the issue and worked through the night to minimize the impact to local health services. Read more on NBC.