On March 29, Burrell Behavioral Health published a news release about an unnamed business associate accidentally exposing ePHI of more than 67,000 patients back in August, 2018. Burrell’s notification, reproduced below, does not indicate when the problem was first detected nor how they learned of it, but it was they who notified their business associate…
Category: Health Data
DePaul experienced phishing-related data breach, notified 902 health program clients (updated, corrected)
Correction of April 9, 2019: It appears that although DePaul reviewed 41,000 emails, they wound up needing to notify only 902 patients. Sarah Taddeo reports: Local housing and health provider DePaul experienced a data breach in February that exposed some clients’ sensitive information, the organization announced Friday. The incident was deemed a “phishing scam” — a hacking…
HIV data leak: Farrera-Brochez tells US court he has complied with order to delete stolen data
Charissa Young reports: WASHINGTON – Mikhy Farrera-Brochez, the American at the centre of Singapore’s HIV registry leak, has promised to delete all information obtained from the Singapore Government in accordance with a court order granted to the Ministry of Health (MOH). The 34-year-old also swore, in a written statement filed with a US court on…
Lansing woman deals with data breach aftermath – but is it really from that breach??
WILX reports: About six months ago, a medical billing company was hacked and patients information was compromised. One Lansing woman says she’s still dealing with the aftermath. Joanne Fink says she’s getting calls from companies referencing her specific medical conditions. She believes it’s related to the data breach at Wolverine Solutions Group. Read more on…
IA: Southern Hills Eye Care Notifies Patients of Ransomware Attack
From their web site: Southern Hills Eye Care has become aware of a potential data security incident that may have resulted in the inadvertent exposure of patients’ personal and health information. Although at this time there is no indication that an unauthorized party accessed or viewed patient information, or evidence of patient information being misused,…
And speaking of refusals to reimburse for breaches….
I don’t have access to the full article, but Law360 is reporting that: CVS Can’t Recoup $1.8M Info Disclosure Penalty From Printer A printing company that contracted with CVS to mail benefit letters to IBM employees doesn’t have to reimburse the $1.845 million the drugstore had to dole out after letters were sent… Read it…