Beverley Head reports: Hackers are targeting the Australian health sector, with fully populated digital health records sold on the black market for up to A$1,000 each. Plans to make the personally controlled electronic health record (PCEHR) an opt-out – rather than the current opt-in regime – could significantly expand the range of targets for health hackers….
Category: Health Data
Affinity Health Plan notifies members of PHI breach
Affinity Health Plan notified 496 heads of household within Affinity’s membership on August 21, 2015, about the disclosure of some of their personal information via a mailing of Child Health Plus renewal letters. A sample of the notification letter sent to affected households can be found in this link, which explains the incident in greater detail. On…
NZ: Kiwis’ private medical information spilled in email gaffe
Simon Plumb reports: A Ministry of Health email blunder has spilled private medical information of 24,000 Kiwis. Officials are investigating how a spreadsheet of National Health Index (NHI) numbers, containing the birth and death dates of 24,092 people, was emailed to around 950 pharmacists yesterday morning. The email was supposed to be sent internally. Security…
1,040 Sentara Heart Hospital patients notified of HIPAA breach
Elizabeth Simpson reports that a person or persons managed to steal two portable hard drives with PHI from two electrophysiology labs at Sentara Heart Hospital in August: The August theft of two portable hard drives from Sentara Heart Hospital’s electrophysiology labs led hospital officials to send letters about a security breach this week to 1,040 patients….
UK: 3,634 patients hit by East Sussex Healthcare Trust data breach
The Hastings & St. Leonards Observer reports that one of the trust’s consultants lost a thumb drive with data on over 3,600 patients. Hospital papers have revealed the confidential details of more than 3,500 patients were discovered on an unencrypted data stick. The incident was discussed at an East Sussex Healthcare Trust board meeting on…
Reports slam OCR’s poor oversight of HIPAA covered entities, breach followup efforts
If you follow HHS’s public breach tool and investigations closely, two reports from the Office of the Inspector General (OIG) finding lax oversight and insufficient follow-up will come as no surprise. Susan Hall of FierceHealthIT has a good recap: The former report was based on reviews of a statistical sample of privacy cases investigated by OCR between September…