There’s a follow-up on a case first reported in 2015, although we still do not know the name of the victim dental practice: Manhattan District Attorney Cyrus R. Vance, Jr., today announced the sentencing of ANNIE VUONG, 31, to 2-to-6 years in state prison for stealing personal identifying information from more than 650 patients at…
Category: Health Data
Integrated Rehab Consultants notifying patients after potential breach first discovered in 2016
From their press release: On December 2, 2016, Integrated Rehab Consultants(“IRC”) was contacted by a healthcare researcher regarding IRC data that was present on a public repository. IRC immediately commenced an investigation and determined that an IRC vendor provided IRC data to another third-party vendor who then inadvertently uploaded the data to a public repository. …
Former California State Contractor Sued Over Breach Of HIV Patient Privacy
Anna Gorman reports: A security breach by a private company that contracted with California’s public health department inadvertently allowed unauthorized access to the HIV status of 93 people, according to a lawsuit filed this week in San Francisco County Superior Court. New York-based nonprofit Lambda Legal filed the lawsuit against the contractor, A.J. Boggs &…
ID theft suspect had medical records, personal information of 100+ people, police say
WAVE3 reports: A man pulled over for allegedly driving a stolen car is facing a host of other charges. Andrew Davis was pulled over in a stolen car and what the arresting officers found during the search of the vehicle led to a total of 13 charges, according to Davis’ arrest report. Found in the…
Chesapeake Regional Healthcare notifies 2,100 sleep center patients of medical record breach
Elizabeth Simpson reports: Chesapeake Regional Healthcare is notifying 2,100 patients from the hospital’s sleep center program that some of their electronic health information might have been compromised. Two portable hard drives were reported missing from the hospital’s sleep center on Feb. 6, which prompted contacting law enforcement, according to a Friday news release from the…
Is OCR Moving the Goal Posts on Vendor Management?
Yesterday, I posted an item about a settlement between New Jersey and Virtua Medical Group after a 2016 data leak by their transcription vendor exposed approximately 1,600 patients’ information on the internet. New Jersey took the position that this was a HIPAA violation and that the entity was responsible for what its vendor had done…