KSTP reports: The Minnesota Department of Human Services were victims of a phishing email scam, where someone had the ability to access the information of approximately 21,000 individuals who interacted with the department. DHS confirmed the potential breach Thursday in a statement. DHS sent out a letter dated Tuesday to those individuals whose information may…
Category: Health Data
Escaping Notice, by Laying Low
HIPAA lawyer Matt Fisher has a thoughtful commentary inspired by an OCR investigation first reported on this site. Unlike the FTC who have tended to demand 20-year monitoring plans as part of their settlements with entities that have data security breaches, OCR tends to use a more educative approach without monetary penalties or long-term monitoring in…
IE: Shock as man stumbles across confidential documents from Beaumont Hospital at side of road in Co Louth
Ailbhe Daly reports: A man told of his shock last night after finding confidential medical records at the side of a road. Jimmy McGuirk stumbled across the documents from the A&E of Dublin’s Beaumont Hospital on Friday as he picked up litter in Baltray, Co Louth. The 63-year-old said the files contained information on 29…
Rebound Orthopedics & Neurosurgery reports data breach
CISOMAG reports: The officials at Rebound Orthopedics & Neurosurgery stated that they’ve fallen victim to a major data theft that exposed its customers’ personal data, including Social Security numbers and limited health information. The Vancouver-based diagnosis and treatment services company stated around 2,800 of its patients and employees may have been affected by the incident….
MedCall Advisors suffers second data leak in less than one month
A few weeks ago, DataBreaches.net reported on a leaky Amazon S3 bucket owned by MedCall Advisors in North Carolina. The leak, which exposed approximately 3,000 patients’ protected health information, was discovered by UpGuard, who published a number of redacted screenshots to document the leak. Their detailed report also noted how Randy Baker, the CEO of MedCall…
An OCR investigation illustrates the value of investigating small and medium-sized entities
One of the common themes in discussing security is that many organizations are not “mature” yet. And of course, as HIPAA recognizes in its security rule, smaller practices should not be expected to do everything you might expect a larger hospital system to do. But even small or medium-sized entities need to comply with the core…