How many patient data breaches can a covered entity have before HHS OCR opens a serious investigation into their compliance with the HIPAA Security Rule? According to DataBreaches’ count, UT Southwestern Medical Center in Texas has disclosed at least four breaches since July 2023. As a brief recap of the first three: In July 2023,…
Category: Exposure
No need to hack when it’s leaking, Canadian edition: Care1
Jeremiah Fowler discovered a non-password-protected database that contained more than 4.8 million records belonging to Care1 — a Canadian company offering AI software solutions to support optometrists in delivering enhanced patient care: The publicly exposed database was not password-protected or encrypted. It contained over 4.8 million documents with a total size of 2.2 TB. In a…
Hong Kong Privacy Commissioner’s Office Publishes Investigation Findings on the Electrical and Mechanical Services Department Data Breach
December 9 enforcement action by the Privacy Commission of Hong Kong: Data Breach Incident of the Electrical and Mechanical Services Department (EMSD) The investigation arose from a data breach notification submitted by the EMSD to the PCPD on 1 May 2024, reporting its suspicion that the personal data of members of the public in its possession was…
HHS OCR settles charges that Inmediata Health Group exposed 1.6 million patients’ PHI online
The following announcement by HHS OCR stems from an accidental exposure of protected health information online that continued for several years. Inmediata’s incident resulted in a class action lawsuit that was settled for $1.1 million in 2022, and a settlement with 33 states for $1.14 million in 2023. HHS seems to be the first to…
Express Services disclosed a data breach. One month later, they learned they had a second data security problem.
Express Employment Professionals (“Express Pros“) describes itself as a leading staffing agency in the U.S., “specializing in matching job seekers with the best jobs for their skills and experience.” Express Pros is the flagship brand for Express Services and conducts business across the U.S., Canada, South Africa, Australia, and New Zealand. Express Pros operates as…
Bolton Walk-In Clinic in Ontario: lock down your backup already!
DataBreaches hates reporting on an incident when the entity has not yet secured misconfigured storage, but after four months of futile efforts to get a Canadian clinic to respond to responsible disclosures, maybe publication will help get them off the dime. Bolton Walk-In Clinic in Ontario has a data protection policy that says: We are…