Samantha Liss reports: SSM Health said that a former employee inappropriately accessed the medical records of its patients in multiple states. Unclear of the full extent, SSM said it’s notifying all 29,000 patients whose records were ever accessed by this former call center employee. […] The former employee inappropriately accessed certain records over an eight-month…
Category: Health Data
U. of Rochester Jones Memorial Hospital impacted by cyberattack
From the hospital’s site, today: Jones Memorial Hospital is experiencing unexpected computer downtime due to a cyberattack. A limited number of our information services have been affected. However, to the best of our knowledge no patient financial or medical information has been compromised. We have been in contact with law enforcement and the New York…
HHS announces $2.3 million settlement with 21st Century Oncology for violations of HIPAA
I’m not sure why HHS delayed a few weeks in announcing their settlement with 21st Century Oncology, as some of us reported the $2.3 million settlement earlier this month, but HHS has now issued a press release: Failure to protect the health records of millions of persons costs entity millions of dollars 21st Century Oncology,…
Colorado family practice notifies patients following hacking incidents
Longs Peak Family Practice, PC (“LPFP”) is notifying patients following a ransomware and hacking incident that were first detected on November 5. From their notification: LPFP immediately began investigating and took actions to attempt to secure the network, but the hacker executed malicious code within the network before it could be stopped. The malicious code…
PA: Employee-patient allegedly photographed during surgery files suit against Washington Hospital and others
Barbara Miller reports: An employee of Washington Hospital who had an operation at her workplace filed a complaint in Washington County Court against the institution, a doctor and several co-workers in connection with photos of her private parts that allegedly were taken and later shared. The plaintiff, identified only as Jane Doe, worked as a…
A tale of three leaks, Wednesday edition
On December 6, DataBreaches.net was contacted by researchers who requested help notifying two entities that they were exposing health information due to misconfigured AWS S3 buckets. They would turn out to be a delight to deal with, unlike a third entity that was also leaking information from a misconfigured S3 bucket. So let’s start with…