San Diego, California: February 2, 2018 – Ron’s Pharmacy Services (“Ron’s Pharmacy”) is notifying certain patients of the unauthorized access to certain limited pieces of patient information, including patient names, Ron’s Pharmacy internal account numbers, and payment adjustment information. This information also included prescription medication information for a small number of impacted individuals. Although we…
Category: Health Data
Court Declines to Dismiss Claims Against Business Associate Subcontractor Responsible for HIPAA Breach
CVS Pharmacy, Inc. v. Press America, Inc., 2018 WL 318479 (S.D.N.Y. 2018) A federal court has declined to dismiss a lawsuit filed by a pharmacy benefit manager (PBM) against a mail service that violated the HIPAA privacy rule when it misaddressed mail and improperly disclosed protected health information (PHI) of 41 individuals. The PBM, which…
Forrest General Hospital patients notified after business associate breach involving protected health information
HORNE LLP (“HORNE”) is providing notice of an incident that occurred at HORNE and may affect the security of protected health information of certain Forrest General Hospital patients. HORNE has access to these individuals’ personal health information as part of services HORNE provides for Forrest General Hospital with certain Medicaid reimbursement services. While HORNE is…
Eastern Maine Medical Center notifying 660 cardiac ablation patients after vendor’s hard drive discovered missing or stolen
Meg Haskell of the Bangor Daily News reports that 660 patients at Eastern Maine Medical Center will be receiving letters that their personal information was on a hard drive that was discovered missing on December 22, 2017. The hard drive, owned and operated by an unnamed vendor, held information on patients who underwent cardiac ablation between Jan. 3,…
Logs audit reveals The Peds in Las Vegas suffered insider-wrongdoing breach in 2014
There is so much wrong with this one that although I give them great credit for admitting they had a breach four years ago that they first discovered, I find their notification quite concerning. From The Pediatric Endocrinology and Diabetes Specialists, 5235 South Durango #103, Las Vegas, NV 89113: On 11 January 2018, during an audit of…
Records of pain device patients on stolen Nevro laptops
Nevro Corporation in California provides what they call HF10 therapy devices for patients coping with chronic pain. After several laptops with patient data were stolen during an office burglary, they had to notify patients that their information was on the unencrypted devices: name, street address, birth date, procedure date, medical device identifiers (such as serial number),…