The University of Vermont Health Network – Elizabethtown Community Hospital takes seriously the privacy and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information. We are notifying individuals potentially affected by a recent data security incident in which, for a brief period of time, an employee’s email…
Category: Health Data
How To Protect Healthcare Records In A Zero Trust World
Louis Columbus writes: There’s been a staggering 298.4% growth in the reported number of patient records breached as a result of insider-wrongdoing this year alone according to Protenus. The total disclosed number of breached patient records has soared from 1.1M in Q1 2018 to 4.4M in Q3 2018 alone, 680K of which were breached by insiders. There…
Contra Costa Health Plan notifying patients after discovering contractor had used falsified identity to get contract
It seems Contra Costa Health Plan discovered that a contractor that they had hired and who had access to EHR beginning on December 1, 2014 had used a falsified identity to get the contractor position. The position involved access to EHR as part of the contractor’s functions relating to utilization management. In a letter to…
Ca: Hundreds of N.W.T. health records found at Fort Simpson dump
Hilary Bird reports: An N.W.T man says he found hundreds of confidential medical records at the Fort Simpson dump. The documents contain detailed information about patients’ mental health and history of drug use, including applications to addictions treatment facilities, progress reports from those facilities, and detailed notes from one-on-one counselling sessions. The documents, many of…
GA: Mind & Motion notifies 16,000 after ransomware attack
One of the newer incidents appearing on HHS’s public breach tool this week is a report from Mind & Motion, LLC in Georgia. Mind & Motion offers various types of therapeutic modalities. On September 30th, 2018, they discovered that their server had been attacked with ransomware. In a notification to patients, they write: We have…
No Data Breach, No Case
Michael Mayer of Faruki writes: An Ohio federal district court recently handed down a ruling that will make companies storing client data breathe a sigh of relief. In Williams-Diggins v. Mercy Health, Case No. 3:16-cv-1938 (N.D. Ohio), a patient sued a health system because of deficient patient information software. (The defendant-health system certified that it subsequently…