James T. Mulder reports: An Upstate University Hospital employee inappropriately accessed the medical records of 1,216 patients without a work or job-related reason. Upstate announced it is contacting affected patients and the U.S. Department of Health and Human Services about the privacy breach. The former employee accessed the records between Nov. 3, 2016 and Oct….
Category: Health Data
PA: May Eye Care notified 30,000 patients after ransomware incident
Ransomware continues to pose a major threat to covered entities, and not surprisingly, an incident reported to HHS in October by a Hanover, Pennsylvania eye care center turned out to be yet another ransomware incident. The practice kindly sent me a copy of the notification letter they sent to 30,000 patients: Dear Sir or Madam,…
AL: Huntsville Hospital reports employee applicant breach at Jobscience
From Huntsville Hospital, this press release yesterday, seen at WAFF: “Regrettably, we’ve learned that Jobscience, Inc., the vendor which we’ve used for online employment application services since 2006, had a data breach which may have involved information from individuals who applied for jobs at Huntsville Hospital. Because of this, notification letters are being sent to…
TX: Metrocare notifies 1,804 patients after employees’ email hacked
On November 1, the Dallas County Mental Health Mental Retardation Center (doing business as Metrocare Services) notified HHS of a breach affecting 1,804. The following is their published notifcation, provided to this site by their spokesperson. DALLAS, TX – Metrocare Services announced today that it is mailing notification letters to some of its community members regarding…
UK: Police probe into data breach at Crosshouse after staff accessed patient records
Paul Fisher reports: Police have launched an investigation after a number of patients have had their personal details accessed by a member of staff at Crosshouse Hospital. Those affected, believed to be mainly women, were notified that information, including their phone numbers and addresses, had been accessed and that the member of staff who breached their privacy…
Southwest Washington Regional Surgery Center notifies 2,393 patients after phishing attack exposed their PHI
The Southwest Washington Regional Surgery Center in Vancouver, Washington, recently notified the Oregon Attorney General’s Office of a breach that they discovered on September 25, 2018. Here is the text of their notification, as posted on their web site: Southwest Washington Regional Surgery Center, LLC (“SWRSC”) is committed to maintaining the privacy and security of…