Ransomware continues to pose a major threat to covered entities, and not surprisingly, an incident reported to HHS in October by a Hanover, Pennsylvania eye care center turned out to be yet another ransomware incident. The practice kindly sent me a copy of the notification letter they sent to 30,000 patients: Dear Sir or Madam,…
Category: Health Data
AL: Huntsville Hospital reports employee applicant breach at Jobscience
From Huntsville Hospital, this press release yesterday, seen at WAFF: “Regrettably, we’ve learned that Jobscience, Inc., the vendor which we’ve used for online employment application services since 2006, had a data breach which may have involved information from individuals who applied for jobs at Huntsville Hospital. Because of this, notification letters are being sent to…
TX: Metrocare notifies 1,804 patients after employees’ email hacked
On November 1, the Dallas County Mental Health Mental Retardation Center (doing business as Metrocare Services) notified HHS of a breach affecting 1,804. The following is their published notifcation, provided to this site by their spokesperson. DALLAS, TX – Metrocare Services announced today that it is mailing notification letters to some of its community members regarding…
UK: Police probe into data breach at Crosshouse after staff accessed patient records
Paul Fisher reports: Police have launched an investigation after a number of patients have had their personal details accessed by a member of staff at Crosshouse Hospital. Those affected, believed to be mainly women, were notified that information, including their phone numbers and addresses, had been accessed and that the member of staff who breached their privacy…
Southwest Washington Regional Surgery Center notifies 2,393 patients after phishing attack exposed their PHI
The Southwest Washington Regional Surgery Center in Vancouver, Washington, recently notified the Oregon Attorney General’s Office of a breach that they discovered on September 25, 2018. Here is the text of their notification, as posted on their web site: Southwest Washington Regional Surgery Center, LLC (“SWRSC”) is committed to maintaining the privacy and security of…
Sins of Others May be Visited on Employer
Matt Fisher writes: Healthcare organizations are learning tough lessons that actions of employees can come back with serious consequences to the organization. When it comes to maintaining the privacy and security of patient data, no action comes without a consequence. While some actions are completely uncontrollable, that does not necessarily mean that liability cannot potentially…