Sta-Home Health & Hospice in Mississippi reported a potential security breach to HHS this week. Because I could find no media coverage or other information on the incident online, I contacted them for additional information. According to a spokesperson with whom I spoke today, on the evening of September 15, their offices were burglarized…
Category: Health Data
Should HHS follow the ICO's lead?
Yesterday, the U.K. Information Commissioner’s Office used its authority to issue fines for breaches of the Data Protection Act and issued its first fines ever. Neither breach involved a healthcare facility, despite the large number of breaches experienced by the NHS. But in what may be a warning shot, the ICO fined Hertfordshire County Council…
(follow-up) Tulsa woman’s sentence nearly 4 years for credit-card fraud
David Harper reports the follow-up to a case previously reported here and here: A Tulsa woman was sentenced Tuesday to three years and nine months in prison for her role in a credit-card fraud case that involved personal identifying information being taken from St. Francis Hospital’s computer system. Teresa Browning, 36, also was ordered by…
Puerto Rico Dept of Health reports breach affecting 400,000; Triple-S Salud fined $100k
The Puerto Rico Department of Health has reported a security breach to HHS involving Triple-S Management and Corp. and Triple-S Salud, Inc. Triple-S Management is a managed care company while Triple-S Salud (Triple Health) is an independent licensee of the Blue Cross and Blue Shield Association for Puerto Rico. The breach was reported to HHS…
(Update) Henry Ford Hospital breach affected 3,700
As an update to previous coverage on the Henry Ford Health System breach involving a stolen laptop containing unencrypted PHI: 1. The breach affected 3,700 patients according to the hospital’s notification to HHS under the breach notification requirement of HITECH. 2. The hospital posted a notice to its web site on Nov. 19: Henry Ford…
FTC Approves Final Order Settling Charges that Rite Aid Failed to Protect Medical and Financial Privacy of Customers and Employees
Following a public comment period, the Federal Trade Commission has approved a final order settling charges against Rite Aid Corporation, and sent letters to members of the public who submitted comments on the order. The FTC charged that the company failed to protect the sensitive financial and medical information of its customers and employees. The…