Attacks on the healthcare sector is a global concern. Amitai Ziv writes: News that a Knesset member recently underwent a medical procedure was leaked to the media and onto social networks within days. Given that most people would prefer their medical information remain private, the leak presumably caused great embarrassment to the MK and his…
Category: Commentaries and Analyses
OCR Announces Initiative to More Widely Investigate Breaches Affecting Fewer than 500 Individuals
Glad to see this announcement from HHS/OCR: Since the passage of the Health Information Technology for Economic and Clinical Health Act of 2009 and the subsequent implementation of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, OCR has prioritized investigation of reported breaches of protected health information (PHI). The root causes of…
Audit of Pittsford Central School District by NYS Comptroller
An audit concerning: Security of Personal, Private and Sensitive Information (PPSI) on Mobile Computing Devices and Extracurricular Cash Records and Collections Report of Examination Period Covered: July 1, 2014 – January 21, 2016 Of relevance to this site: The Pittsford Central School District (District) is governed by the Board of Education (Board), which is composed…
Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm
Every time there’s a big breach that has consumers or patients outraged, I see rumblings in the Comments section of posts about class-action lawsuits. An article by John Devine, Edward McAndrew, and Gregory Szewczy of Ballard Spahr about a recent opinion in District Court for the D.C. Circuit is a timely reminder of the uphill battle plaintiffs may…
California dentist notifies patients of backup drive stolen from car
Why are we still reading reports of devices with unencrypted patient information being stolen from providers’ unattended vehicles? This is the second report this month I’ve read like this. And while it’s one thing to inform patients that you believe the device was stolen for commercial value and not contents, does this letter go too far…
Athens Orthopedic Clinic incident response leaves patients in the dark and out of pocket for protection
On June 26, after learning that databases with patients’ protected health information had been put up for sale on the dark web, DataBreaches.net began investigating and trying to alert the victim entities so that they could take immediate steps to try to mitigate harm to patients. By that evening, I had sent an email to Athens Orthopedic…