A systems error involving the Arizona Health Care Cost Containment System (AHCCCS) resulted in 2,632 Health-e-Arizona Plus household accounts having their data accidentally exposed to others accessing the website. The breach was discovered on May 11, but had occurred earlier in the year. Name, addresses, and the last four digits of social security numbers were exposed…
Category: Health Data
ARx Patient Solutions and ARx Patient Solutions Pharmacy notify patients of a March, 2022 breach
ARx Patient Solutions and its affiliate pharmacy, ARx Patient Solutions Pharmacy, have issued a press release about a data breach affecting patient data. Their notice states, “It was determined that in March 2022, an employee email account was compromised and accessed by an unauthorized third party.” The types of patient information that may have been…
San Bernardino Sheriff’s Department update: can’t rule out that PII and PHI were accessed in ransomware attack
The Fontana Herald News alerts us to an update by the San Bernardino County Sheriff’s Department concerning the ransomware attack they experienced in early April. The county now states that they have been unable to determine definitively if personally identifiable information (PII) and protected health information (PHI) were accessed. From the county’s June 23 notice:…
Mount Desert Island Hospital notifies 24,180 patients of April network attack
On June 30, Mount Desert Island Hospital in Maine reported a breach to HHS that affected 24,180 patients. The hospital had previously disclosed the incident on June 5, when they posted a notice on their website that said that they had detected unusual activity on their network on May 4. An investigation determined that there…
Breach Victims Have Standing When Data Misused, 1st Circuit Says
Christopher Brown reports: A data-breach victim whose personal information was subject to actual misuse has standing to sue the entity that suffered the breach, a federal appeals court said. Plaintiff Alexsis Webb plausibly alleged an injury-in-fact sufficient to confer standing to sue Injured Workers Pharmacy Inc. based on her allegation that information stolen from the…
Paying the ransom: Hospitals face hard choices in cyberattacks | Special Report
Ron Southwick has a thoughtful piece on the complexities of deciding whether or not to pay ransom if a healthcare entity is the victim of a cyberattack. As experts comment, while most experts and law enforcement prefer victims not pay ransom, sometimes entities decide they need to do it. But what are they paying it…