Sai Krishna Kothapalli writes: Some months ago, I read an interesting article on TechCrunch titled “A billion medical images are exposed online” about medical imaging storage servers that are not configured securely and are exposed online. This caught my attention, and I wanted to dig deeper, especially in the Indian context. Read more on Medium. This…
Category: Health Data
CA: Castro Valley Health notifies patients after learning that patient data had been improperly transferred to Docker Hub
The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal…
University of Utah patients notified after phishing incident compromised employee email accounts
David Wells reports: Some of University of Utah Health’s patients are receiving notice that their private information may have been compromised in a recent email security breach. According to U of U Health, some of its employees’ email accounts were compromised in phishing schemes, resulting in unauthorized access of those accounts between April 6 and…
Two Data Breaches Hit Kentucky Employees’ Health Plan
Sarah Michels reports: Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place in late April and mid-May, according to a statement released by the Commonwealth of Kentucky Personnel Cabinet on June 2. During the first attack, from April 21 to 27, 971 KEHP members’ accounts…
Data Breach Lawsuit Filed Against Aveanna Healthcare
Marianne Kolbasuk McGee reports that Aveanna Healthcare has been sued over a July, 2019 breach that it discovered in August, 2019. The breach was disclosed in February of 2020 as potentially impacting more than 166,000 patients. The incident was one of all-too-many incidents where threat actors gained access to a number of employees’ email accounts,…
Indiana covered entities discover that their documents storage and secure destruction vendor dumped records improperly
I know the arguments against holding covered entities for auditing and monitoring their business associates periodically for compliance with any contracts, but when you don’t hold covered entities really accountable for checking that their vendors or business associates are living up to their contracts, stuff like this happens. And it can go on for years….