Fox16 reports: Arkansas Attorney General Leslie Rutledge today sent an advisory letter to medical licensees throughout Arkansas about their duty to report a data breach under the Personal Information Protection Act (PIPA). The PIPA reporting guidelines, amended in July 2019, mandate that individuals, agencies and businesses notify the Attorney General’s Office at the same time as affected…
Category: Health Data
Exclusive: More than 90,000 patient billing files from an alcohol and drug addiction treatment network exposed online
Update: On December 2, Sunshine Behavioral Health reported this incident to HHS as impacting 3500 patients. They also ticked the box for Business Associate. Update 2: On January 23, 2020, ID Experts submitted a copy of their notification to patients to the Vermont Attorney General’s Office. Another day, another leak. In this case, an error…
Medical supply firm notifies patients after phishing incident
Updated Nov. 20: This incident was reported to HHS as impacting 114007 patients. Original post: Solara Medical Supplies, LLC in Chula Vista, California is notifying some of their patients and employees after discovering that attackers had successfully gained access to some employees’ email accounts that contained employee and patient information. According to a press release…
Ca: No answers on Fort Simpson dump breach until 2020 due to privacy breach backlog
Hilary Bird reports: Almost a year after boxes of personal medical records were found at the Fort Simpson dump, the Northwest Territories Information and Privacy Commissioner hasn’t had time to investigate the breach. A spokesperson for Elaine Keenan-Bengts’ office says that because of a backlog, the commissioner won’t be able to look into the incident…
Analyzing Careless Users, An Often Overlooked Threat
Many have written about how to mitigate the risks posed by malicious insiders. But what about the vulnerabilities associated with Careless Users? What actions can healthcare organizations take to better prevent a breach caused by internal negligence? The Clearwater CyberIntelligence® Institute analyzed the Critical and High risks found in Clearwater’s IRM|Analysis™ database, specifically focusing on…
The University of North Carolina- Chapel Hill School of Medicine Notifying Patients After 2018 Phishing Incident
Some readers may have trouble accessing a notice from the School of Medicine at the University of North Carolina — Chapel Hill due to an issue with Chrome, so I’m embedding the whole notification below. TL;DR version: some employees fell for a phishing attack and their email accounts may have been accessed between May 17,…