John Beauge reports: A Lycoming County judge has refused to dismiss a vicarious liability claim against UPMC Susquehanna that is being sued because an employee accessed the medical records of a co-worker without authorization. Judge Eric R. Linhardt on Wednesday rejected UMPC’s claim it was not liable because Taylor Fausnaught failed to state any claim…
Category: Health Data
UK: West Suffolk Hospital apologises after dog walker finds medical records in nature reserve
Sam Russell and Fiona Leishman report: A hospital trust is apologising to patients whose confidential records were reportedly found by a dog walker in a Cambridgeshire nature reserve. The bundle of documents from the West Suffolk Hospital in Bury St Edmunds was found on Sunday (March 1) by a member of the public at Trumpington…
OCR settles complaint against doctor for failure to have appropriate risk assessment and security controls, despite technical assistance
OCR has settled a complaint against a covered entity for violations that first occurred prior to November, 2013, but continued thereafter. Yes, 2013. That’s when Steven A. Porter, M.D., first reported a breach to OCR that involved his business associate Elevation43. According to the complaint Porter filed at the time, and as described by OCR,…
Lawsuit Over November 2016 hack of Quest Diagnostics Settles
A lawsuit stemming from a November, 2016 hack of Quest Diagnostics that impacted 34,000 patients has now settled. According to TopClassActions: A $195,000 Quest class action settlement will resolve claims that a 2016 data breach compromised the information of thousands of patients. Read more on Top Class Actions.
Ca: LifeLabs files petition to keep cyberattack report from B.C. privacy commissioner
Andrew Weichel reports: The B.C.-based laboratory testing company that was targeted in a cyberattack last fall is trying to keep the province’s privacy commissioner from accessing a third-party report on the breach. In a petition filed this month in B.C. Supreme Court, LifeLabs argued it shouldn’t have to turn over a report prepared by cybersecurity…
UK: Rotherwood Healthcare AWS bucket security fail left elderly patients’ DNR choices freely readable online
Gareth Corfield reports: A leak of 10,000 records at a Leicestershire care home provider exposed elderly patients’ wishes not to be resuscitated, detailed care plans and precisely how much councils paid for individual patients’ care. Not only did Rotherwood Care Group, trading as Rotherwood Healthcare, leave an Amazon Web Services S3 bucket accessible to everyone…