Breach Incidents – Page 263

AZ: Is a Desert Valley Dental breach ongoing? And did OCR order them to notify patients?

Posted on May 1, 2019 by Dissent

So this is something that I don’t recall ever seeing before as part of an initial breach disclosure. CBS5 reports: A Phoenix dental office has an ongoing breach of protected health information, Arizona’s Family learned Monday. The U.S. Department of Health and Human Services Office of Civil Rights ordered Desert Valley Dental to inform the…

SkyMed Medical Evacuation Membership Service Exposed Data of 137k Members

Posted on May 1, 2019 by Dissent

Jeremiah Fowler reports on another unsecured elasticsearch database that his firm has found: On March 27th I discovered an unsecured Elasticsearch database that contained what appeared to be members of a medical evacuation membership service. Upon further inspection of the data there were many references that the data allegedly belonged to Florida based SkyMed. It…

HHS exercises enforcement discretion and reduces maximum civil penalties

Posted on April 27, 2019 by Dissent

Those who want to see HHS/OCR come down like a ton of bricks on more entities and impose heavier civil monetary penalties for HIPAA breaches will likely not be happy to learn that HHS has decided to reduce the maximum civil penalties it will impose for the four tiers of violations of HIPAA. Under the…

Class-action lawsuit filed against Baystate Health over data breach

Posted on April 27, 2019 by Dissent

Jim Kinney reports that the Baystate Health breach that impacted 12,000 patients has resulted in at least one potential class-action lawsuit. The suit was filed April 11 in U.S. District Court in Springfield, Massachusetts. Lead plaintiff Aleyda Torresis of Springfield, says she is now at heightened risk for identity theft and other cybercrime, according to…

Inmediata Health Group notifies covered entities’ patients after exposure of PHI on web

Posted on April 26, 2019 by Dissent

From their press release: Inmediata Health Group, Corp. (“Inmediata”) recently became aware of a data security incident that may have involved the limited personal and medical information of some of its customers’ patients. Inmediata is directly mailing notification letters to individuals who may have been affected by this incident and to provide resources to assist…

“FTC gives two companies a slap on the wrist after appalling hacks”

Posted on April 26, 2019 by Dissent

A story on ZDNet is headlined, “FTC gives two companies a slap on the wrist after appalling hacks.” That headline may be true as far as it goes, but it’s a bit unfair or misleading, so let’s dive into this a bit more. Catalin Cimpanu reports: The US Federal Trade Commission has agreed to settle…