PA News Agency reports that as a result of the attack, more than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected, and a significant number of GP practices in London were unable to order blood tests for their patients. Now the Health Service Journal (HSJ) [paywalled] has reported that…
Category: Health Data
Episource notifying 5.4 million patients of cyberattack in January
Episource, LLC, is a business associate that provides healthcare technology and solutions, specializing in medical coding, risk adjustment, and data analytics for health plans and providers. On February 6, anomalous activity in their system alerted Episource to a potential attack. In response, they shut down computer systems, initiated an investigation, called in a special team,…
HealthEC Agrees to $5.48 Million Settlement to End Data Breach Lawsuit
Daniel Lopez reports: HealthEC LCC and its clients finally reached a settlement to resolve a class action data breach lawsuit involving a hacking incident and data breach in 2023. Analytics software vendor HealthEC, based in New Jersey, provides healthcare companies with a platform to determine high-risk patients and limitations to optimal healthcare. From July 14, 2023…
Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
Hiring employees who work remotely can pose additional challenges for security and compliance with regulations. In March, Sentara Health disclosed an incident concern that resulted in the notification of 1,620 patients. They described the concern this way: In December, the Sentara Health’s Lab Services department hired an individual to process lab requisitions. Lab requisitions are…
WMATA Train Operators Arrested in Health Care Fraud Scheme
June 13 – Michelle Shropshire, 54, of Waldorf, Maryland, and Harlisha Jones, 49, of Clinton, Maryland, and Washington, DC, were arrested this morning on health care fraud, wire fraud, mail fraud, aggravated identity theft, and conspiracy charges filed in U.S. District Court. According to the indictment, from June 2021 through January 2024, Shropshire and Jones,…
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Claims of “negligence” are often raised in lawsuits. DataBreaches is not a lawyer, of course, but wonders whether by now, we should consider a plastic surgeon “negligent” in their data security if they store nude photos of their patients with patient names and identity information in plain text and no strong encryption or suitable alternative…