Regular readers will realize that I’ve been reporting on the Summit Reinsurance breach since it first appeared in a covered entity’s disclosure back in November. Since then, I’ve been compiling and/or reporting on other entities affected by the ransomware attack that they discovered August 8, 2016. So seven months after discovery, they are first issuing a public…
Category: Health Data
UK: Nurse inappropriately accessed patient records for three years
STV reports: A night-shift nurse accessed the medical records of a colleague who was on sick leave. Lorraine Mcintosh faced disciplinary proceedings over her actions, which came to light when she was overheard discussing “blood test results and the reason for sick leave of another staff member” with a fellow employee. The nurse, who had…
VCU Health System notifies 2,700 of inappropriate access to their medical records
The Richmond Times-Dispatch reports: Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes. The breach was found Jan. 10…
Brand New Day notifies 14,005 members after breach at vendor
From their press release of March 10: Universal Care, Inc. dba Brand New Day (BND) announced today that it has notified individuals related to a privacy incident involving information stored by a third-party vendor. The incident did not involve information that was stored or maintained on BND’s own systems. On December 28, 2016, BND learned…
Denton Heart Group notifies patients stolen hard drive held 7 years’ worth of PII/PHI
As seen on their site: Denton Heart Group (the “Clinic”), a member of HealthTexas Provider Network (HTPN) is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice concerns an incident involving some of that information. On January 11, 2017, we learned that an external computer hard drive was stolen from…
BJC HealthCare Raising St. Louis Notifies Participants of Unencrypted Emails
As seen on their site: BJC HealthCare has notified 644 current and former Raising St. Louis participants that identifying information was shared between participating program partners through unencrypted emails. This is outside of established protocols and BJC sincerely regrets this error. However, no information related to Social Security numbers or other financial information was included…