Christopher Brown reports: A hospital’s disclosure of patient health information to its charitable foundation didn’t violate the Minnesota Health Records Act, a state appellate court ruled. The MHRA permits disclosures of a patient’s health records without the patient’s consent when the disclosure is authorized in federal regulations, the Minnesota Court of Appeals said. Read more at…
Category: Health Data
HSE hack victims who had personal information stolen have not been told they were targets
Ferghal Blaney reports: Hacking victims who had their personal information stolen during the HSE ransomware attack last year have not been told they were targeted. It’s a legal requirement for the health authority’s IT management to inform them under GDPR rules. The HSE said in a statement that it was taking time to get through all of the…
CHI Health faces ‘IT security incident’ impacting Omaha-area online systems
Molly Ashford reports: CHI Health locations in Omaha are dealing with an “IT security incident” affecting electronic health records and other systems, a spokeswoman said Monday. According to Taylor Miller, CHI’s parent company, CommonSpirit Health, was the victim of the security incident that is impacting facilities across the country. She said some information technology systems…
NZ: Patient details compromised in cyber attack on health provider Pinnacle
Stuff reports: A cyber attack has compromised patient details kept by a large Waikato and Bay of Plenty health provider. Health Minister Andrew Little confirmed there has been a cyber attack against Pinnacle Health. The primary health provider operates dozens of GP practices handling tens of thousands of patients. Read more at Stuff. When are…
Ca: Settlement reached in decade-old lawsuit connected to Western Health privacy breach
Alex Kennedy reports a settlement in a case previously covered on this site back in 2012-2014: An out-of-court settlement has been reached in a class-action lawsuit involving Western Health that dates back more than a decade. The lawsuit was launched in August 2012, alleging that the health authority failed to protect the personal information of patients and…
Why won’t they tell you that your data were leaked? Why doesn’t the government make them tell you?
For the past few years, DataBreaches has called out victims of cyberattacks who do not fully disclose how bad a breach was. Weasel words such as something “may have” happened when a victim knows damned well that it wasn’t just “may have” but did happen are just one example. Another example involves victims who claim…