Zack Whittaker reports: A health tech company was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password. The little-known software company, California-based Meditab, bills itself as one of the leading electronic medical records software makers for hospitals, doctor’s offices, and pharmacies. The company, among other…
Category: Health Data
Personal information of over 800,000 blood donors was accessible online for 2 months: HSA
Felicia Choo reports: The personal information of more than 800,000 people who have donated or tried to donate blood in Singapore since 1986 was improperly put online by a Health Sciences Authority (HSA) vendor for more than two months, but access to the database was cut off soon after the discovery. Disclosing this in a…
Hawkesbury hospital worker dismissed over privacy breach
CBC News reports: One employee at Hawkesbury General Hospital has been let go after personal information was improperly accessed, Radio-Canada has learned. Patients who had their information viewed were recently informed in a letter. Chantal Groleau, one of the people who received a letter, was told her personal information was viewed between March 2016 and October…
NC: Pasquotank-Camden EMS notifies 40,000 after hacking incident
On February 25, Pasquotank-Camden Emergency Medical Service in North Carolina reported a breach to HHS that affected 20,420 patients. A notification sent to the Vermont Attorney General’s Office explained that sometime in late December, 2018, the county became aware of an unauthorized intrusion from outside of the U.S. Investigation revealed that the intruder was able…
Maffi Clinic notifies 10,465 after ransomware incident
On September 11, 2018, Maffi Clinics in Arizona joined the ranks of those attacked by ransomware. From their notification letter (see below), it appears that the clinic was prepared and quickly implemented their incident response plan. The consulting firm promptly identified the unauthorized access point and terminated it; isolated and removed the ransomware; and restored…
Delaware Guidance Services notifies 50,000 parents and guardians after ransomware incident
On February 26, Delaware Guidance Services for Children and Youth, Inc. (“DGS”) sent a letter to parents and guardians of their young patients. The letter explained that on December 25, 2018, DGS had become the victim of a ransomware attack that had locked up the patient records. Those records contained personal information, such as name,…