Update: This was reported to HHS/OCR as impacting 53,173 patients. Original post: There were a few press releases about breaches that appeared after 3 pm on the Friday of a three-day holiday weekend. This was one of them: A recent data security incident affected patients receiving services from Onco360 and CareMed Specialty Pharmacy. On November…
Category: Health Data
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
Oklahoma State University Center for Health Sciences notifying 280,000 Medicaid patients after hack
Oof. Oklahoma State University Center for Health Sciences is notifying 279,865 Medicaid patients of a hacking incident. Here is the notice from OSU’s web site: Oklahoma State University Center for Health Sciences (OSUCHS) takes the privacy and security of our patients’ information very seriously. Regrettably, this notice is regarding an incident in which some Medicaid patient information…
Palomar Health notifying patients after nurse caught snooping in records
As seen on their site: Notice to Palomar Health Patients Regarding Unauthorized Access of Patient Health Information Palomar Health is committed to protecting the confidentiality and security of our patients’ information and we regret to inform you of an incident involving some of that information. Sometime between February 10, 2016 and May 7, 2017, some…
Montana State University Billings notifying students after laptop was stolen in November
Ugh. Another laptop was apparently stolen from an employee’s car. This one was from the education sector, but it contained some student health information and health insurance information. The incident was reported by Montana State University Billings to the Montana Attorney General’s Office on January 5, and letters are going out today to affected students….
Coplin Health Systems notifies 43,000 patients after laptop stolen from employee’s car
I really think that if HHS/OCR handed out a few well-advertised very very large monetary penalties, maybe these unencrypted devices stolen from car incidents would decrease. It really is ridiculous that this is still happening in 2018. It’s one thing if we’re talking about a small non-profit or something where they may not have resources…