Rebecca Gross reports: On Jan. 25, 50 students and 35 faculty and staff members within the Department of Health Services received an email with a spreadsheet that contained personally identifiable information (PII) of more than 9,000 people. Amy Hagopian, associate professor in Health Services at the UW, unintentionally sent the email containing the spreadsheet to…
Category: Exposure
Kansas Department for Aging and Disability Services Notifies 11,000 Consumers About Breach of Protected Health Information
March 1, 2018 TOPEKA, Kan. – The Kansas Department for Aging and Disability Services (KDADS) has begun to notify individual consumers about a recent incident in which personal or protected health information was disseminated to a specific group of KDADS business associates. On February 23, 2018, KDADS became aware of a potential breach of personal…
QuadMed health records system issue affected onsite clinics of three clients
One of the incidents reported to HHS this month was an incident reported by QuadMed in Wisconsin. Today, I finally found some documentation as to what that incident was all about. As background, QuadMed describes itself as providing occupational health and primary care services to some clients. In some cases, they may take over an…
Tufts Health Plan notifies 70,320 members after vendor error exposes information in envelope window
Yes, it has happened again. Protected health information exposed in an envelope window. Why do entities still use envelopes with windows? Anyway, Tufts Health Plan explains in their notification of February 16, 2018: Subject: Notice of Inadvertent Disclosure of Health Plan Information What happened? Tufts Health Plan uses a vendor to handle mailing of member…
French news site L’Express exposed reader data online, failed to promptly secure it when notified
Zack Whittaker and Rayna Stamboliyska report on a data leak where it sounds like the researcher who uncovered the leak took more diligent steps to secure the data than the entity did. Here’s a bit from ZDNet’s report, but do read the whole thing. I’ve changed their headline, which emphasized GDPR, to my own perception…
Memorial Hospital at Gulfport Discloses Email Gaffe
From the hospital’s site: Memorial Hospital Reports Inadvertent Disclosure Posted Date: February 28, 2018 GULFPORT, Miss. —Memorial Hospital at Gulfport has notified approximately 1,500 patients of an inadvertent disclosure of information, including patient names and internal (Memorial) encounter numbers, that was discovered during a routine internal audit. No financial information, Social Security numbers, diagnoses, symptoms,…