I’m pleased to see that the rash of stolen identity refund fraud (SIRF) affecting health care professionals, discussed here and here, is getting wider media attention. Brian Krebs reported it on the other day, and that always helps wake up the media. Now the Associated Press reports: New Hampshire Sen. Jeanne Shaheen has asked the…
Category: Health Data
Healthcare professionals in North Carolina victims of tax refund fraud
Last May, I reported on a breach affecting patients at Piedmont Healthcare and Presbyterian Anesthesia Associates in North Carolina whose website host, E-dreamz, had been hacked. At the time, I noted that not only patient data but some employee information was involved for Piedmont. Today, Kathryn Burcham of WSOC-TV reports that dozens of Piedmont Healthcare employees…
Another email gaffe leads to breach notifications, Tuesday edition
Today’s human error example comes from Willis North America, who reports that an employee accidentally attached a spreadsheet with employee information to an email reminding employees about earning wellness credits for the firm’s Medical Expense Benefits health plan. You can read more in their April 17th notification to the New Hampshire Attorney General’s Office. Update:…
QCA Health Plan settles HHS charges stemming from laptop theft breach in October 2011
QCA Health Plan, Inc., of Arkansas, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, agreeing to a $250,000 monetary settlement and to correct deficiencies in its HIPAA compliance program. On February 21, 2012, HHS received notification from QCA regarding a breach of…
Concentra Health settles HHS charges over 2011 laptop theft breach, to pay $1.7M
Concentra Health Services (Concentra) has agreed to pay OCR $1,725,220 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, and will adopt a corrective action plan to evidence their remediation of these findings. The settlement stems from an incident on November 30, 2011 (previously reported…
Healthcare security stuck in Stone Age
Erin McCann reports: The new 2014 Verizon Data Breach Investigations Report highlights a concerning carelessness regarding privacy and security, specific to the healthcare industry. “They seem to be somewhat behind the curve as far as implementing the kinds of controls we see other industries already implemented,” said Suzanne Widup, senior analyst on the Verizon RISK…