CORRECTION: I don’t know how I did it, but instead of typing 42,000, I kept typing 92,000 when I originally wrote this one up. The number of patients affected was 41,948, as it said at the bottom of the post. My apologies to CTCA. Another phishing incident where an employee’s email account was storing a…
Category: Health Data
UK: Hospital staff investigated for ‘spying’ on Sir Alex Ferguson’s medical records while he was fighting for his life
Benjamin Butterworth reports: At least five medics are being investigated over accusations they illicitly accessed Sir Alex Ferguson’s medical records while he was fighting for his life. Britain’s most successful football manager, who managed Manchester United from 1986 to 2013, received care for a brain haemorrhage at Salford Royal hospital in May. Two doctors, a…
San Mateo Medical Center notifies patients after records erroneously recycled instead of shredded
Updated Feb. 22, 2019. DataBreaches.net was notified that HHS had finally removed the disputed listing from their portal. But when I checked, I found that it had not really been removed. OCR had closed its case and moved the entry to its archived list, with the following note: On November 13, 2018, OCR received a…
Thundermist Health Center dealing with ‘ransomware’ attack
Sarah Doiron reports from Rhode Island: A local health center is working to resolve problems with its computer system after officials say it was the target of a “ransomware” attack. Thundermist Health Center, which is based out of Woonsocket and has offices in South Kingstown and West Warwick, was hit with the attack around 8…
IL: Center for Vitreo-Retinal Diseases notifies more than 20,300 patients after ransomware attack
On November 16, the Center for Vitreo-Retinal Diseases in Illinois notified HHS of a breach that they coded as “unauthorized access/disclosure” involving PHI on the network server. Here is the notice on their web site that describes what the ransomware incident: The Center for Vitreo-Retinal Diseases has become aware of a potential data security incident…
Amendments to data breach notification law in Colorado impact HIPAA-regulated entities
Kiss that 60-days to notify patients HIPAA bit goodbye if you’re doing business in Colorado. Julie A. Sullivan and Loreli Wright of Greenberg Traurig, LLP write: Passed during the 2018 state legislative session, House Bill 18-1128 went into effect on Sept. 1, changing Colorado’s law on the protection of personally identifying information and the procedure businesses must…