From their press release, issued yesterday: Primary Health Care Inc. (“PHC”) is providing notice of an incident that occurred at PHC and may affect the security of protected health information of certain PHC patients. While PHC is unaware of any actual or attempted misuse of the information, this notice contains details about the incident and…
Category: Health Data
DocuTrac medical software is a breach risk, warns Rapid7
Warwick Ashford reports on what seems to me to be yet another case of hard-coded credentials creating a critical vulnerability in protecting patient data, and I, of course, have questions. Ashford reports: The QuicDoc & Office Therapy suite of software produced by DocuTrac contains security vulnerabilities that could allow attackers to gain control of patient…
ATI Physical Therapy notifies patients of data breach
ATI Physical Therapy is notifying patients of a security incident that appears to have targeted employees’ email accounts. Here is their update of March 12, although I’m not sure when any previous notification may have been published (their newsroom does not show any prior notice on their site): About the data privacy event ATI Holdings,…
Owner says North Battleford store receiving private medical records via fax
If you harbored any hope that we might be done with breaches due to misdirected faxes, I hate to disillusion you, but Meaghan Craig and Thomas Piller report yet another example in Canada: The Saskatchewan Health Authority is looking into instances where confidential medical records were allegedly faxed to a computer store in North Battleford….
Medical and personal information on 33,420 BJC HealthCare patients left exposed on Internet
By Blythe Bernhard A security breach at BJC HealthCare left personal information on 33,420 patients potentially available to the public, a company spokeswoman said today. The patients’ medical records, names, addresses, telephone numbers, dates of birth, Social Security numbers, drivers license numbers, medical and insurance information were accessible through the Internet from May 9, 2017,…
A.G. Schneiderman Announces $575,000 Settlement With EmblemHealth After Data Breach Exposed Over 80,000 Social Security Numbers
March 6 – Attorney General Eric T. Schneiderman today announced a settlement with healthcare provider EmblemHealth and wholly owned subsidiary Group Health Incorporated (“EmblemHealth”) after the company admitted a mailing error that resulted in 81,122 social security numbers being disclosed on a mailing. In addition to paying a $575,000 penalty, EmblemHealth agreed to implement a Corrective…