On April 5, Metrocare Services in Texas notified HHS that it was notifying 5,290 clients of a breach. A notice on their web site explains: On February 6, 2019, we learned an unauthorized third party gained access into some Metrocare employees’ email accounts beginning on January 2019. We immediately took steps to secure the accounts…
Category: Health Data
New Malicious Medical DICOM Image Files Cause HIPAA Headache
Sergiu Gatlan reports: Malicious DICOM files can be crafted to contain both CT and MRI scan imaging data and potentially dangerous PE executables, a process which can be used by threat actors to hide malware inside seemingly harmless files. Cylera’s Markel Picado Ortiz achieved this by taking advantage of a DICOM format design flaw which…
WA: RS Medical notifies patients because an attacker potentially had access to their information
On April 7, RS Medical disclosed an incident that had the potential to compromise patient information. A copy of the notification from the Vancouver, Washington entity, obtained by DataBreaches.net, indicates that the attacker may not have been particularly interested in patient information, though: The primary purpose of the breach, as determined by internal investigation, was…
Blue Cross of Idaho Notice of Privacy Breach
Boise, Idaho (April 12, 2019) – Blue Cross of Idaho Health Service, Inc. (“Blue Cross of Idaho”) is providing notice to certain members of a recent incident involving protected health information (“PHI”) which qualifies as privacy breach. On March 21, 2019, an unauthorized user accessed Blue Cross of Idaho’s online provider portal with the intent…
UT fired counselor accused of disclosing student’s PTSD
Sarah Elms reports: A University of Toledo counselor accused of improperly disclosing a student’s personal health information has been fired. University officials on Dec. 18, 2018, notified Mychail Scheramic that his employment would be terminated at close of business March 18. He was hired in 2017 as the university’s counseling center director and was paid…
MD Anderson Cancer Center Appeals $4.3 Million HIPAA Fine
Marianne Kolbasuk McGee reports: The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches involving unencrypted devices was unlawful. In the complaint filed Tuesday in a Texas federal court,…