Jill Perkins of WKBW in Buffalo, New York posted a statement from attorneys for the Buffalo Heart Group: The Buffalo Heart Group, LLP, a local medical practice, uncovered a serious breach of its computer system that took place in the Spring, 2014 and affected between 500 and 600 of its patients. The recently completed internal…
Category: Health Data
Jersey City Medical Center employee gaffe exposed patients’ PHI in e-mail attachment
Add Jersey City Medical Center to entities experiencing an e-mail breach of PHI. From their statement of April 20, 2015: On February 19, 2015, as part of routine hospital operations, an employee of Jersey City Medical Center accidentally sent an e-mail meant for internal use that included an attached spreadsheet with some patient information to…
Update: Boyd Hospital recovers records that had become new building owner’s property
HIPAA Journal has an update to a situation I had previously noted on this site – a hospital that failed to remove stored medical records from a building before its new owner took possession – despite, the new owner says, repeated calls on his and a realtor’s part alerting them to the situation. The hospital attempted…
United Recovery Group notifying patients of HIPAA privacy breach (updated)
Florida-based Unity Recovery Group is notifying patients of a HIPAA breach that involved disclosure of their protected healthy information to providers outside their network without prior written consent. The breach apparently began in April 2014 and continued for a full year, until it was discovered in April of this year, as their letter explains: We…
Medical Management LLC breach added to HHS breach tool
Quick update: The Medical Management LLC breach that affected patients at 40 of its clients has been added to HHS’s public breach tool. MML, which is headquartered in North Carolina, reported that 20,512 patients were affected or notified.
Beacon Health System notifies patients after phishing attack (update2)
The following press release was issued on May 22 by Beacon Health System. Note the attempt to characterize this as a “sophisticated” attack. That’s PR-speak for “our employees fell for it.” Of note, it appears that this attack went back to November 2013. Was there any audit between then and now that could have detected…