The Chilean Transparency Council (‘CPLT’) announced, on 1 June 2020, that following an audit of 12,000 purchase orders made by 86 organisations in the health sector, the CPLT found that 12 purchase orders by hospitals and six by health services were made which revealed the sensitive personal data of patients. Read more on OneTrust Data…
Category: Health Data
How screwed is Indian healthcare data?
Sai Krishna Kothapalli writes: Some months ago, I read an interesting article on Techcrunch titled “A billion medical images are exposed online” about medical imaging storage servers that are not configured securely and are exposed online. This caught my attention, and I wanted to dig deeper, especially in the Indian context. Read more on Medium. This…
CA: Castro Valley Health notifies patients after learning that patient data had been improperly transferred to Docker Hub
The following is Castro Valley Health’s notification. It sounds like they may have learned about this years-long exposure incident from HHS/OCR after someone notified HHS. The incident is not yet on HHS’s public breach tool. June 5 — Castro Valley Health, Inc. has become aware of a data security incident that may have involved some personal…
University of Utah patients notified after phishing incident compromised employee email accounts
David Wells reports: Some of University of Utah Health’s patients are receiving notice that their private information may have been compromised in a recent email security breach. According to U of U Health, some of its employees’ email accounts were compromised in phishing schemes, resulting in unauthorized access of those accounts between April 6 and…
Two Data Breaches Hit Kentucky Employees’ Health Plan
Sarah Michels reports: Nearly a thousand members of Kentucky Employees’ Health Plan (KEHP) were victims of a data breach that took place in late April and mid-May, according to a statement released by the Commonwealth of Kentucky Personnel Cabinet on June 2. During the first attack, from April 21 to 27, 971 KEHP members accounts…
Data Breach Lawsuit Filed Against Aveanna Healthcare
Marianne Kolbasuk McGee reports that Aveanna Healthcare has been sued over a July, 2019 breach that it discovered in August, 2019. The breach was disclosed in February of 2020 as potentially impacting more than 166,000 patients. The incident was one of all-too-many incidents where threat actors gained access to a number of employees’ email accounts,…