It occasionally happens that a breach or incident response creates a second incident of its own. That seems to be the case with Alive Hospice, as this newest press release suggests, but does this require second notification to HHS/OCR? My first impression is that it would, but I’m interested to hear what HIPAA lawyers might…
Category: Health Data
Oh good grief, Saturday edition
Seen on Twitter: BREAKING: Dutch hospital that just got fined 460.000 euro by Dutch DPA for staff snooping in medical files, is in the news today again: staff used medical files as grocery list. Left them in shopping cart supermarket. Compliance is a cultural issue!https://t.co/LhVELzgL8J #GDPR — Jeroen Terstegge (@PrivaSense) September 7, 2019 A google…
Meridian Community College discloses a breach that was discovered in January
A breach notification by Meridian Community College demonstrates once again, why entities should make determined efforts not to leave emails in employee accounts that may have personally identifiable information in attachments or the emails themselves. In this case, the types of personal information included name, Social Security number, driver’s license number, passport number, date of…
UK: Gender identity clinic leaks almost 2,000 patients’ email addresses
Chris Fox reports: The Charing Cross Gender Identity Clinic sent patients an email about an art competition, with hundreds of others CC-ed in. The clinic later tried to recall the message but the error had already been noticed. The Tavistock and Portman NHS Foundation Trust, which is responsible for the clinic, is investigating. Read more…
Two men accused of harassing NJ police officers by posting hacked personal info online
Joshua Jongsma reports: Two New York men hacked the personal information of 50 North Jersey public employees, mostly police officers, and posted much of it online, authorities said. Evan Koulikov, 21, of Spring Valley, New York also made harassing phone calls to many of the victims, according to the Bergen County Prosecutor’s Office. Eric Williams,…
OH: UC Health to Notify Patients of Phishing Incident
On September 4, UC Health in Cincinnati disclosed that it is investigating a recent email phishing incident that may have involved patient information. In a press release posted on their site, they report that on July 6, they learned of a phishing attack that led to unauthorized access to “a limited number of UC Health…