Following a public comment period, the Federal Trade Commission has approved a final order settling charges against Rite Aid Corporation, and sent letters to members of the public who submitted comments on the order. The FTC charged that the company failed to protect the sensitive financial and medical information of its customers and employees. The…
Category: Health Data
UK: Computer hacker controlled victims' webcams from mother's front room
A computer hacker accessed highly personal data and controlled victims’ webcams as part of a sophisticated email scam carried out from his mother’s front room. Matthew Anderson, 33, was a key member of an international gang, abusing his skills as a computer security expert to target businesses and individuals with spam containing hidden viruses, a…
Ex-Macon hospital worker accused of accessing patient information
Phillip Ramati reports: Macon police are investigating a former employee of Coliseum Hospital accused of entering a secure area and accessing patient information, according to a report. According to the report, investigators are looking into a former employee at the hospital who was there Thursday afternoon for a nurse’s birthday party. While there, the former…
(update and correction) North Carolina Baptist Hospital/Wake Forest University Baptist Medical Center breach
Back in March, I noted that HHS had added a breach report to their web site from North Carolina Baptist Hospital. At the time, the only information I had was from the HHS log showing that the PHI of 554 individuals was involved in the theft of paper records on February 15 and I did…
California serious about unauthorized employee access to patient data
The California Dept. of Public Health has just fined seven more entities whose employees improperly accessed patient data. You can read the summaries on the companion blog at It’s great that the state is fining them, but one wonders why HHS/OCR are not also fining entities for these types of breaches or even worse…
California fines 7 more entities for unauthorized access to patient info by employees
The California Department of Public Health (CDPH) announced that six California hospitals and one nursing home have been assessed administrative penalties and fines totaling $792,500 after a determination that the facilities failed to prevent unauthorized access to confidential patient medical information. “Medical privacy is a fundamental right and a critical component of quality medical care…