Kimberly Bosco reports: New York-based health insurance provider EmblemHealth, Inc. is paying the state of New Jersey a hefty fine for disclosing confidential personal information of over 6,000 New Jersey customers. Attorney General Gurbir S. Grewal and the Division of Consumer Affairs announced on Dec. 10 that EmblemHealth will pay NJ a $100,000 civil penalty….
Category: Health Data
Thielen Student Health Center accidentally leaks patient names, appointment dates
Kaitlyn Hood reports: Thielen Student Health Center (TSHC) experienced a data leak where inadvertently disclosed student information could be seen. Erin Baldwin, director of Thielen Student Health Center said on Nov. 5 the TSHC experienced a breach in their system when a coding error occurred as they put student information into a system to be…
Twelve US states join for the first time to file multistate data breach lawsuit
Catalin Cimpanu has a good write-up about the multistate lawsuit against Medical Informatics that I noted earlier this week: Attorneys general from twelve US states have joined together to file the first-ever joint cross-state HIPAA lawsuit against a healthcare provider that got hacked in the summer of 2015. The lawsuit, filed in an Indiana court…
Florida contractor physicians’ group settles HHS claims after they failed to have a BA agreement in place with a vendor who had a breach
There is a follow-up to a 2014 breach reported on this site at the time. But it turns out there was an interesting twist to this case that HHS followed up. Here is their press release: Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the…
Medical Informatics sued by multiple states over 2015 breach
A 2015 hack of Medical Informatics stayed in the headlines for quite a while because it compromised the data, including health information, of 3.9 million people. In addition to suits filed by consumers, state attorneys general have also sued the business associate, as Dave Gong reports: Fort Wayne-based Medical Informatics Engineering Inc. failed to secure…
Cancer Treatment Centers of America Notifies Almost 42,000 Patients of Possible Access to Their Protected Health Information
CORRECTION: I don’t know how I did it, but instead of typing 42,000, I kept typing 92,000 when I originally wrote this one up. The number of patients affected was 41,948, as it said at the bottom of the post. My apologies to CTCA. Another phishing incident where an employee’s email account was storing a…