Chris Cobb reports: Montfort Hospital officials were scrambling on Friday to reassure thousands of patients that an unsecured USB data key lost by a hospital employee did not contain intimate details of their health issues. Information on the USB key, downloaded from a Montfort computer in contravention of hospital rules, contained information on more than…
Category: Health Data
At long last, HHS unveils Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules
From their press release: The U.S. Department of Health and Human Services (HHS) moved forward today to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health…
St. Mark's Medical Center notifies patients after finding malware on system
St. Mark’s Medical Center in LaGrange, Texas notified 2,988 patients of a breach. From their notice of December 31, 2012: On November 15, 2012, we learned that on May 21, 2012, one of our employee’s computers had become infected with malware that appears to have been designed to look for personal information stored on the computer….
Dedicated server hosting three medical practices hacked; some patient information exfiltrated to Gmail account
Several medical groups in Massachusetts were notified by their hosting service, Clearpoint Design, Inc., that a dedicated server on Hosting.com was hacked on October 18, 2012. The practices affected were South Shore Medical Center, who notified 4,100 patients, Harbor Medical Associates, P.C., who notified 4,343 patients, and Child & Family Psychological Services, Inc., who notified 7,250 patients….
Central London Community Healthcare NHS Trust's appeal of ICO's breach penalty dismissed
Back in May, I noted that the Information Commissioner’s Office in the U.K. had issued a fine of £90,000 to Central London Community Healthcare NHS Trust after the trust had misdirected faxes containing sensitive information on 45 occasions during the previous year. The trust immediately announced it planned to appeal. Today, Robin Hopkins of Panopticon reports that the…
6,000 patients to be notified after UDOH contractor loses drive with unencrypted PHI
The Utah Department of Health reported another breach today. This time, blame an employee of their contractor, Goold Health Systems, who violated policy by transferring PHI to an unencrypted USB drive which was lost during travel. The drive contained about 6,000 patients’ names, Medicaid numbers, ages, and recent prescription history.