OS, Inc. provides revenue management (billing) services to covered entities. I recently reported on a phishing-related breach they experienced in 2018 that was first disclosed this month. As I noted in that post, their notification specifically mentioned a number of their affected clients. Their disclosure did not, however, provide a total number of patients affected,…
Category: Health Data
Personal and health insurance information of most of Panama’s citizenry found in unsecured database
Bob Diachenko reports that he found an unprotected and publicly available Elasticsearch cluster containing what appears to be 3,427,396 records of Panamanian citizens. According to Diachenko, each record in tables labeled “patient” contained the following info: full name date of birth national ID number (cedula) medical insurance number (poliza seguro medico) phone email address other…
April sets new record for number of health data breaches and incidents (updated)
We’ve seen a record number of incidents reported in the first quarter of 2019, and it’s not getting any better in the healthcare sector. Whether you use HHS’s public breach tool, as Modern Healthcare does, or the system DataBreaches.net and Protenus, Inc. use to track U.S. breaches involving medical or health data, April set a…
Utah picked a tech company for its medical cannabis program that has a history of glitches and hacks. But it’s cheap.
That’s a pretty bold headline from the Salt Lake Tribune, isn’t it? Bethany Rodgers reports: Utah is preparing to strike a deal with a Denver-based software company to build the digital backbone of the state’s emerging medical cannabis program, despite the business’ problems with outages, crashes and hacks in other states. The vendor, MJ Freeway,…
25,148 patients served by Southeastern Council on Alcoholism and Drug Dependence notified of ransomware incident
Here’s yet another ransomware incident in which investigators couldn’t really determine whether ePHI were actually accessed, so the entity notified HHS and is notifying patients. In this case, we are dealing with what could be treatment information for more stigmatizing conditions such as alcoholism or addiction. According to their report to HHS, 25,148 patients are…
Independent Health mistakenly emailed information on 7,600 members
Tracey Drury reports: Protected health information on more than 7,600 Independent Health members was accidentally emailed to a member in March, a breach that violates federal privacy laws. The Amherst-based health plan told members that an employee inadvertently emailed documents containing their information on March 19 to an unauthorized recipient who happened to be an…