Please note the correction at the bottom of this post. Researcher Jeremiah Fowler recently discovered an unsecured database with protected health information (PHI) that appeared to be linked to Atrium Health in North Carolina. As reported at WebsitePlanet, there were 21,344 records with a total size of 6.99 GB. The database appeared to be an…
Category: Health Data
HHS Office for Civil Rights Settles Phishing Attack Breach with Health Care Network for $600,000
Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with PIH Health, Inc. (PIH), a California health care network, over potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The violations stem from a phishing attack that exposed unsecured electronic protected health…
Blue Shield of California shared the health data of 4.7 million people with Google for years
Jonathan Greig reports: The sensitive healthcare information of millions in the U.S. has been leaked through data breaches that multiple insurance companies, clinics, hospitals and more reported recently. The largest involves Blue Shield of California, which informed the U.S. Department of Health and Human Services (HHS) of an incident impacting 4.7 million people. In breach notification…
Hospital Español Auxilio Mutuo de Puerto Rico notifies patients of September 2023 cyberattack
Hospital Español Auxilio Mutuo de Puerto Rico didn’t discover on their own that their systems had been compromised, and then, despite outside expert help, they were unable to determine with precise confidence whose data was exfiltrated or whether it has been misused, but the hospital has now started notifying patients potentially affected by a breach…
Behavioral Health Resources of Washington state updates its data breach disclosure
On January 17, Behavioral Health Resources (“BHR”) notified the U.S. Department of Health and Human Services (HHS) of a reportable breach, but not yet having determined the number affected, they used “501” as a placeholder. They also published a preliminary notice on their website. That notice indicated that on or about November 20, 2024, they…
Breaches Within Breaches: Contractual Obligations After a Security Incident
Roma Patel writes: We often cover consumer class action complaints against companies regarding the privacy and security of personal information. However, litigation can also arise from alleged breach of contract between two companies. This week, we will analyze a medical diagnostic testing laboratory’s April 2025 complaint against its managed services provider for its alleged failure…