If you can’t prove there was no access, the presumption is that it’s a reportable breach. Today, Valley Anesthesiology and Pain Consultants (VAPC) announced that it is addressing a security incident involving certain patient, provider and employee information. VAPC is providing notice to approximately 882,590 patients, and all current and former employees and providers, who…
Category: U.S.
Bon Secours notifies 655,000 patients that vendor error exposed patient info on Internet
Bon Secours Health System, Inc. (“Bon Secours”) and its affiliates are committed to maintaining the privacy and security of our patient information. This notice is to inform our patients of an incident involving one of our vendor’s handling of some patients’ information. On June 14, 2016, Bon Secours discovered that files containing patient information inadvertently…
LinkedIn suffers huge bot attack that steals members’ personal data
Ethan Baron reports: Data thieves used a massive “botnet” against professional networking site LinkedIn and stole member’s personal information, a new lawsuit reveals. The Mountain View firm filed the federal suit this week in an attempt to uncover the perpetrators. “LinkedIn members populate their profiles with a wide range of information concerning their professional lives, including summaries (narratives…
Proposed class action over CareFirst data breach dismissed
Brendan Pierson reports: A federal judge has dismissed a proposed class action over a 2015 cyberattack against health insurance company CareFirst BlueCross BlueShield that compromised the data of about 1.1 million people. U.S. District Judge Christopher Cooper in Washington, D.C. ruled Wednesday that the CareFirst policyholders who brought the lawsuit had not shown that they…
Three TheDarkOverlord incidents appear on HHS’s public breach tool
Quick note to point out that three of TheDarkOverlord’s victims have reported their breaches to HHS, although the numbers they report do not always match what had been claimed by TDO and previously reported in the media: Midwest Orthopedic Pain and Spine reported that 29,153 patients (not 48,000) were affected; Athens Orthopedic Clinic reported that 201,000…
Walgreens avoids penalty after 9-year privacy breach investigation
I have been following this case from the beginning and wondering why the heck HHS didn’t come down on Walgreens like they did on their competitors CVS and RiteAid. And now we learn that OCR just closed the case with no penalty? Seriously? So CVS and RiteAid get clobbered by both the FTC and HHS/OCR, and Walgreens…….