So we’ve all read breach reports about employees or former employees stealing patient data to go start a new competitive practice or to help their new employer. And a blog post on Dental Practice Marketing and Management by Jim Du Molin about a dental hygienist stealing patient data for her new place of work read…
Category: Health Data
Consequences for HIPAA violations don’t stop when a business closes
There’s a new settlement announcement from HHS OCR that makes clear that even if an entity closes its doors, any HIPAA enforcement action continues: A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the U.S. Department of Health and Human Services (HHS) Office…
NC: Coastal Cape Fear Eye Associates notifies patients after ransomware attack
On February 1, Coastal Cape Fear Eye Associates in North Carolina notified HHS of a hacking incident that impacted 925 patients. Unlike many other ransomware reports where there is no clear evidence of PHI acquisition or compromise, in this incident, there was evidence of actual compromise, although no evidence of exfiltration. Here is the entity’s…
Lawsuit against Rensselaer County partially revived on medical privacy issue
There’s an update to an insider-wrongdoing lawsuit that I first noted back in September, 2013, after some employees at Rensselaer County Jail filed suit against their employer for snooping in their medical records. As I’ve reported in the past, the breaches occurred against a backdrop where the county jail uses Samaritan Hospital to provide services…
Sued by Aetna over botched mail notifications, KCC fires back, suing Aetna
“I sue you, You sue me, We both sue too easily. Too easily to let it show. I sue you and that’s all I know.” — wrote Art Garfunkel never. Alison Frankel reports: A day after Aetna sued the claims administrator Kurtzman Carson Consultants for exposing confidential medical information about Aetna clients in a settlement…
Tennessee hospital notifies 24,000 patients after EMR system attacked with cryptocurrency mining software
In what may be the first report I’ve seen of a hospital having their EMR server hit with cryptocurrency mining software, Decatur County General Hospital in Parsons, Tennessee started notifying 24,000 patients on January 26. A substitute notice on their web site explains: On November 27, 2017, we received a security incident report from our EMR…