Julia Angwin and Steve Stecklow report: At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves. It was a break-in. A new member of the site, using sophisticated…
Category: Health Data
Pointer: Lots of health data breaches reported to HHS, only trivial ones to FTC
Steve Gantz comments on the apparent discrepancy in breach reports received by the FTC from PHR vendors and by HHS: It seems fair to ask, can any substantial conclusions be drawn from the paucity of breaches reported to the FTC or their relative triviality? No one appears to be suggesting that the data protection practices…
Prescription for fraud: stealing professionals' identities
When we talk about ID theft in the healthcare sector, we usually think of patients’ identities being stolen. Occasionally, though, I’ve seen reports where providers’ identities were stolen to further some other scheme such as obtaining prescription medications or insurance fraud. The National Post in Canada has this story about how common this latter type…
Medco coding change exposes prescription benefit data
They probably wished it was an April’s Fool joke, but it wasn’t. On April 1, United Healthcare learned that their business associate, Medco, had suffered a computer system error that exposed members’ prescription benefit messages on the Medco web site to other members. In a letter dated May 24 to the Maryland Attorney General’s Office,…
Watch those portable devices, Tuesday edition
Maryland-based HomeCall Inc. recently notified the Maryland Attorney General’s Office that an employee’s portable point-of-care device was stolen. The device contained names, addresses, SSN, medical record number, diagnoses, and treatment information. HomeCall reports that the device was “multi-level password protected” (but not encrypted). In correspondence to those affected, HomeCall stated that the device…
Laptops with PHI do not belong in unattended vehicles, Tuesday edition
On May 10, Baltimore-based Alliance Inc. notified the Maryland Attorney General’s Office that a laptop stolen from an employee’s car on May 3 contained client information in password-protected files. Alliance is a not-for-profit that services clients with disabilities and mental health needs. Most of the affected clients are transients who either drop in or who are…