Common sense dictates that patients’ protected health information should not be made freely available on FTP servers that have no login required. And yet it still happens, and has happened again. Recently, this site learned of another FTP server exposing patients’ information. This particular FTP server belongs to MedEvolve, an Arkansas company that provides practice management…
Category: Health Data
OR: LaPorte & Associates notifies clients of laptop theft
From their press release: LaPorte & Associates, Inc. (“LaPorte”) today announced an incident involving potential unauthorized access to a laptop containing certain personal information. LaPorte is an insurance agency that provides, among other things, insurance procurement, consultation, and support services for its clients. The data potentially subject to unauthorized access varies, but includes some combination…
CA: Notice to Individuals Regarding Privacy Incident Involving Capitol Administrators, Inc.
Notice how they do not tell us when the phishing attack occurred – only when they concluded their investigation of it. So when was this attack, and when was it actually discovered for purposes of the 60-day clock? And how many people are being notified? From their substitute notice on their web site: Capitol Administrators,…
Data breach affects nearly 900 patients from two San Francisco hospitals
Catherine Ho reports: The personal information of nearly 900 patients of San Francisco General and Laguna Honda hospitals was breached after a former employee of one of the hospitals’ vendors got unauthorized access to the data, the San Francisco Public Health Department said Friday. The data included patients’ names, dates of birth, medical record numbers…
Cerebral Palsy Research Foundation of Kansas notifying 8,300 clients after discovering data had been exposed for 10 months
The Cerebral Palsy Research Foundation of Kansas, Inc. posted the following notice on its site about a breach. According to their report to HHS, the incident resulted in the notification of 8300 clients. May 9, 2018 To CPRF Clients: We are writing to notify CPRF clients of a privacy incident involving demographic data for those…
UK: Patients’ data released in Oswestry orthopaedic hospital breach
Lisa O’Brien reports: The trust running Oswestry’s orthopaedic hospital has reported a data breach involving patients who were involved in a long-standing study. An investigation has been launched after Robert Jones and Agnes Hunt Orthopaedic Hospital NHS Foundation Trust reported the breach to the Information Commissioner’s Office. […] It is understood that the data breach…