Bill Mah reports that a lawsuit filed after a 2013 Medicentres breach has settled. The incident involved a laptop with information on 620,000 Albertans being stolen from the clinic. The laptop belonged to an employee of their IT consultant, AbleIT Inc. The Privacy Commissioner would later rule that the clinic had failed to adequately protect their…
Category: Health Data
Vibrant Body Wellness notifies patients after burglar steals hardware with PHI
Seen on Vibrant Body Wellness: We were robbed! Literally. Yes, it’s sad but true — our office at Vibrant Body Wellness was broken into during the weekend of March 5th to March 8th. Things were stolen and no one was physically injured. We are grateful for that, and have been sorting through the violation and…
Is ransomware considered a health data breach under HIPAA?
Back in March, I blogged about the question as to whether a ransomware attack needed to be reported to HHS as a HIPAA breach. In that post, I quoted an HHS spokesperson who informed DataBreaches.net that a ransomware situation was an impermissible disclosure (because the attacker had access to the data even if the data weren’t…
MI: Former doctor’s office clerk sentenced for stealing patients’ identities
WZZM reports: A former doctor’s office billing clerk will spend time in prison for writing checks and applying for credit cards using information stolen from patients. Christine Ann Kroeze will spend between 4.5 and 14 years in prison on six felony convictions. Read more on WZZM. The accompanying video focuses on a sign that…
Ca: Nurse found guilty of professional misconduct for snooping into patient records
May Warren reports: A Peterborough nurse has been found guilty of professional misconduct for accessing almost 300 confidential patient records at Peterborough Regional Health Centre over two years, at a disciplinary hearing she fought to keep secret. Mandy Edgerton (formerly Edgerton-Reid) was slapped with a four-month suspension and a formal reprimand on Wednesday, by a…
UK: West Dunbartonshire Council warned of court action by ICO over data protection failures
A Scottish council has been rapped by the regulator for repeatedly failing to train staff around data protection. West Dunbartonshire Council were told to implement training on several occasions, as well as being advised to put in place a policy around home working. But their failure to do so ultimately contributed to a data breach…