Val Verde Regional Medical Center recently discovered a security breach involving a small number of the facility’s overall patient population. On or about Aug. 9, 2015, an independent healthcare provider downloaded unsecured protected health information and emailed it to a personal account without encryption protection. In addition, the independent contractor was not authorized to access…
Category: Health Data
Vidant Health notifies patients whose PHI was exposed in court bankruptcy filings
Vidant Health, who notified employees at its Duplin hospital of a breach in February, has been notifying patients of a separate breach. In a letter to 897 patients, Privacy Officer Joy Hardee writes that Vidant first discovered a problem on January 14, 2016. The letter does not indicate when the breach first occurred, however. … We are…
NZ: Case note 269784: Employee repeatedly accessed health records without proper reason
There has been a new finding in an investigation by the Privacy Commissioner of New Zealand that is especially worth noting for it’s “small breach, big impact” value. Because the health agency is not named, it’s not clear to me whether this incident had been reported in the media and on this site previously: The…
Vulnerabilities in a Third-Party Healthcare Payment Processor
Randy Westergren looked into Christiana Care’s online payment portal, which involves a third party payment processor developed by BYL Companies, LLC. What Randy found was very concerning, and he promptly notified BYL of his findings. You can read his write-up of it all on his site. So here’s the thing: how many people may have actually exploited the vulnerability…
NY: Nurse who took pics of patients’ private parts at Syracuse hospital turns in license
James T. Mulder reports a follow-up on a very disturbing patient privacy breach: A nurse who took photos of an unconscious [SUNY] Upstate University Hospital patient’s penis with her smart phone has turned in her nursing license. The state Education Department announced it has approved a request from Kristen Johnson, 27, of Fulton to surrender her…
Ca: Alberta Health Services implements new privacy training following massive fall 2015 breach
Jeremy Simes reports: Following a breach of privacy investigation at a southern Calgary hospital last fall, Alberta Health Services (AHS) has withdrawn or reduced disciplinary action against dozens of hospital employees, though they’re getting personalized training so it doesn’t happen again. The breach involved 48 South Health Campus employees in connection to a Calgary police…