It seems Contra Costa Health Plan discovered that a contractor that they had hired and who had access to EHR beginning on December 1, 2014 had used a falsified identity to get the contractor position. The position involved access to EHR as part of the contractor’s functions relating to utilization management. In a letter to…
Category: Health Data
Ca: Hundreds of N.W.T. health records found at Fort Simpson dump
Hilary Bird reports: An N.W.T man says he found hundreds of confidential medical records at the Fort Simpson dump. The documents contain detailed information about patients’ mental health and history of drug use, including applications to addictions treatment facilities, progress reports from those facilities, and detailed notes from one-on-one counselling sessions. The documents, many of…
GA: Mind & Motion notifies 16,000 after ransomware attack
One of the newer incidents appearing on HHS’s public breach tool this week is a report from Mind & Motion, LLC in Georgia. Mind & Motion offers various types of therapeutic modalities. On September 30th, 2018, they discovered that their server had been attacked with ransomware. In a notification to patients, they write: We have…
No Data Breach, No Case
Michael Mayer of Faruki writes: An Ohio federal district court recently handed down a ruling that will make companies storing client data breathe a sigh of relief. In Williams-Diggins v. Mercy Health, Case No. 3:16-cv-1938 (N.D. Ohio), a patient sued a health system because of deficient patient information software. (The defendant-health system certified that it subsequently…
‘It cannot expect a private business to continue to clean up its errors’: Privacy czar blasts health authority for faxing patient records to computer store — again
Ragas Clan reports: Darryl Arnold would have unplugged his fax machine months ago if he didn’t need it for work. That’s because the Saskatchewan Health Authority keeps faxing him confidential patient information, most recently a five-page catheterization report that included a patient’s personal information, medical history and treatment recommendations. According to the provincial privacy czar,…
Aspire Health says stolen emails never opened, abandons hunt for hacker
Brett Kelman reports an update to a phishing incident in September: A large Nashville-based healthcare company that was hacked earlier this year said Tuesday an internal investigation has revealed the stolen emails were intercepted before they were ever opened by the cyberattacker. Aspire Health, which offers in-home treatment in 25 states, has also abandoned its legal hunt for the…