And this is why I always wait to close out monthly stats in healthcare. The following incident just showed up on HHS’s public breach tool today as having been reported to them on July 30, and affecting 301,000 patients. St. Mary’s Hospital’s notice, below, indicates that the entity was not sure of the number affected. …
Category: Health Data
OpenEMR patches serious vulnerabilities uncovered by Project Insecurity
Everyone has their own definition of a good day. Mine includes preventing breaches of patient medical information. Today qualifies as a good day, thanks to Project Insecurity. OpenEMR is open source software for managing electronic medical records (EMR) and other practice management functions. According to Wikipedia, OpenEMR is one of the most popular free electronic medical…
AU: 7000 patient records from Women’s and Children’s hospital exposed online in embedded data- for 13 years
Simeon Thomas-Wilson reports: Medical records of more than 7000 people were exposed online for 13 years, forcing an urgent review by SA Health into whether there were any other breaches. Names, date of birth and test results for around 7200 pathology tests at the Women’s and Children’s Hospital from 1996 to 2005 were leaked online…
11th Circuit Decision in LabMD Case Could Have Repercussions Beyond the FTC
F. Paul Greene and Daniel J. Altieri consider the landscape after the 11th Circuit’s decision in the LabMD case, noting the state-level Unfair and Deceptive Acts and Practices (“UDAP”) laws and The Nationwide Assurance of Voluntary Compliance may become more prominent as tools for data security enforcement actions. They write, in part: The Nationwide Assurance…
Web doc iCliniq plugs leaky S3 bucket full of medical files
Another data leak by an Indian firm, it seems. John Leyden reports on this one: Online medical consultation service iCliniq has restricted access to thousands of medical documents it left in a public AWS S3 bucket. iCliniq acted earlier this week only after the slip-up was brought to its attention by German security researcher Matthias…
Was LabMD Hacked? A Key Issue in Lawsuit Against FTC Lawyers
Craig A. Newman of Patterson Belknap writes: Did LabMD, the now-defunct cancer testing company, expose sensitive patient information with shoddy data security practices as U.S. regulations have charged, or was the company victimized by a private forensics firm extorting it for business – raising the troubling question of whether the entire case against LabMD was…