If you were or a pharmacy patient at Raley’s, Bel Air Mart, or Nob Hill General Store, your information may have been on a laptop that was stolen on September 24. In a notification to the California Attorney General, David Fluitt, Director of Pharmacy Operations for Raley’s, writes that the types of unencrypted information on…
Category: Health Data
EE: Personal and sensitive information of children publicly available for years
As I was just saying in the post about the Girl Scouts breach, children’s medical information can be breached in so many ways outside of the healthcare sector. And that’s true outside the U.S. as well. Priit Pärnapuu provides a concerning, but timely, example from Estonia: Schools’ information system EKIS allowed anyone to read and…
CA: Data breach may have exposed personal information of 3,000 Girl Scouts of Orange County
Children’s medical alerts and health conditions may be breached in so many ways outside of the healthcare sector. Schools, sports clubs, camps, and yes, boy scouts and girl scouts, are just some of the organizations that may hold sensitive information that gets breached, with no report needed to HHS. Alejandra Reyes-Velarde reports: Members of the…
Cyber attack exposed information for 40,000 patients of Sioux City vision clinic
Mason Doktor reports that Jones Eye Clinic and CJ Elmwood Partners, L.P., an affiliated surgery center, experienced a ransomware attack on the evening of August 22. The attack affected 40,000 patients seen between Jan. 1, 2003 and Aug. 23. The providers were able to restore from backup and did not pay any ransom. Their full notice…
Byram Healthcare notifies patients about rogue insider incident
Byram Healthcare is a firm that provides disposable medical supplies. They were acquired in 2017 by Owens & Minor. On October 22, Byram sent notification letters to patients whose data may have been stolen and/or misused by a former employee. Byram learned of the former employee’s wrongdoing when they were contacted by law enforcement. In…
Follow-up: Mecklenburg Co. not fined for releasing personal information of health department patients
WSOC-TV reports: The United States Department of Health and Human Services Office of Civil Rights did not fine Mecklenburg County for inadvertently providing Channel 9 with the personal medical information of thousands of health department patients in 2017. Records show Mecklenburg County self-reported the potential HIPAA violation on May 4, 2017. In March 2017, in…