HIPAA Journal reminds us all that states can require notification to the state of breaches that are also covered by HIPAA and can take enforcement action if they are not reported: Recently, there have been several instances where the California DOJ has not been notified about ransomware attacks on California healthcare facilities, even though the…
Category: Health Data
Nearly 73,500 patients’ data affected in ransomware attack on eye clinic in Singapore
Kenny Chee reports: A ransomware attack earlier this month has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic, the third such reported incident in a month. The information included names, addresses, identity card numbers, contact details and clinical information such as patients’ clinical notes and eye scans,…
Metro Infectious Disease Consultants Notifies 171,740 Individuals of Privacy Incident
On June 24, 2021, Metro Infectious Disease Consultant (MIDC) learned that some individuals’ personal information could have been accessed when an unauthorized third party gained access to certain employees’ email accounts. MIDC has no reason to believe that anyone’s personal information has been misused for the purpose of committing fraud or identity theft or that…
NL: Data leak at Radboudumc hospital was caused by former employee
This is a Google translation of a story in Dutch: The data breach at Radboudumc in Nijmegen is due to a former employee, the hospital reports in an update . Due to the leak, the data of an unknown number of employees is on the street. The hospital discovered the data breach earlier this month. Names, login names, email addresses and…
Internal emails raise questions about government’s investigation into Walgreens privacy breach
I am so glad to see a follow-up on this case because I had the same questions about how and why Walgreens did not suffer the same federal penalties as CVS and Rite Aid for the same infringement of HIPAA. My original coverage of this breach is no longer online as the former version of…
Update on Eskenazi Health Cyber Incident
Eskenazi has issued an updated notice about their security incident. They talk about “if they find” PII or PHI, but the reality is that this site already saw and reported that there was such information in the data dumped by Vice Society. From this site’s perspective, the only question is how many employees and patients…