Lisa O’Brien reports: The trust running Oswestry’s orthopaedic hospital has reported a data breach involving patients who were involved in a long-standing study. An investigation has been launched after Robert Jones and Agnes Hunt Orthopaedic Hospital NHS Foundation Trust reported the breach to the Information Commissioner’s Office. […] It is understood that the data breach…
Category: Health Data
The Oregon Clinic notifies patients after employee email account hacked
From their press release: The Oregon Clinic announced today that a data security incident may have affected protected health information (PHI) within an email account. On March 9, 2018, The Oregon Clinic learned that an unauthorized third party accessed an email account. The Oregon Clinic immediately disabled the unauthorized access to the account and began…
Protection of Patient Health Information at Navy and Air Force Military Treatment Facilities
Audit: DODIG-2018-109 (pdf) From the audit’s findings: Officials from the DHA, Navy, and Air Force did not consistently implement security protocols to protect systems that stored, processed, and transmitted EHRs and PHI at the locations tested. Specifically, we identified issues at the Naval Hospital Camp Pendleton; San Diego Naval Medical Center; USNS Mercy; 436th Medical…
HIV Patient’s Records Leaked, UAMS Fires 3
KARK reports: University of Arkansas Medical Sciences fired three employees over sharing an HIV patient’s private medical information. The records included the patient’s name, age, surgical history, HIV status and employment information. The hospital says the employees were fired after being accused of violating their HIPAA oath. “We took action right away,” said Vice Chancellor…
FastHealth breach still first being disclosed to some clients’ patients
Ugh. The FastHealth breach is still dripping out with yet more people first being notified. This time, it’s Cullman Regional. There’s no provision in HITECH (at least as far as I know) that would require a business associate to make one public disclosure of how many patients, total, have to be notified about an incident….
WI: Class action lawsuit filed against UnityPoint over data breach disclosed in April
Ed Treleven reports: UnityPoint Health, which operates Meriter Hospital in Madison, delayed reporting a data breach and falsely told patients that information stolen during the breach did not include their Social Security numbers, according to a federal class-action lawsuit filed Friday. The lawsuit, filed in U.S. District Court in Madison, concerns a reported data breach…