Brad Racino and Jill Castellano report on what sounds like either willful or negligent handling of highly sensitive information of research participants bu a non-profit participating in some university-funded research. In either event, the university was notified of a breach in October and STILL hasn’t notified the research participants with HIV whose data was available…
Category: Health Data
Equitas Health notifies 569 members after discovering two employee email accounts had been compromised
Equitas Health, Inc. (“Equitas Health”) learned that it was the victim of a data incident and is notifying individuals whose information may have been affected. On January 8, 2019, Equitas Health became aware of unusual activity within an employee’s email account. Equitas Health conducted an internal investigation which revealed that an unauthorized individual had access…
Oregon Health Authority provides early notification to Oregon State Hospital patients of a phishing incident
I realize that some will fault the entity for making early notification before they have all the facts, but my hat is off to the Oregon Health Authority (OHA). On May 6, they suffered – and quickly stopped – a successful spear-phishing attack that gave the attacker access to one employee’s mail account. That account…
Numbers from the OS, Inc. breach dribble in…
OS, Inc. provides revenue management (billing) services to covered entities. I recently reported on a phishing-related breach they experienced in 2018 that was first disclosed this month. As I noted in that post, their notification specifically mentioned a number of their affected clients. Their disclosure did not, however, provide a total number of patients affected,…
Personal and health insurance information of most of Panama’s citizenry found in unsecured database
Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…
April sets new record for number of health data breaches and incidents (updated)
We’ve seen a record number of incidents reported in the first quarter of 2019, and it’s not getting any better in the healthcare sector. Whether you use HHS’s public breach tool, as Modern Healthcare does, or the system DataBreaches.net and Protenus, Inc. use to track U.S. breaches involving medical or health data, April set a…