So it appears I missed a third-party vendor/business associate leak that affected at least two covered entities and possibly more. Great thanks to Humana for sending along the vendor’s press release when I inquired about a breach report Humana had made to HHS as affecting 5,764 members or potential members. It turns out that the…
Category: Health Data
Baptist Health Louisville notifies 880 patients after phishing incident
Baptist Health Louisville in Kentucky recently notified 880 patients of a phishing incident. The incident was also reported to the U.S. Department of Health and Human Services. According to a substitute notice in response to the breach, on October 3, Baptist Health discovered that an employee’s email account credentials were obtained by an unauthorized third-party…
Mercy Health/Love County Hospital And Clinic Patients Notified Of Medical Records Incident
The press release below from Mercy Health/Love County Hospital is described as a supplement to an incident that they – and we – first reported in July. In September, the entity notified HHS that they had notified 13,004 patients, a notification that they reference below as a precautionary measure. I’m not sure why they needed…
MN: Colorado Center for Reproductive Medicine in Minneapolis warns clients of data breach
KARE reports: A Twin Cities fertility clinic is warning clients about a data security incident that may have put personal information at risk. CCRM Minneapolis, which is located in Edina, says the clinic’s servers were targeted by a ransomware attack on October 3, which triggered an investigation to determine if sensitive information had been put at…
Former employee reportedly steals mental health data on 28,434 Bexar County patients
Samantha Ehlinger reports: The Center for Health Care Services in San Antonio is notifying 28,434 local patients whose Social Security numbers, mental health and other sensitive records were stolen when a former employee allegedly took the data on his personal laptop after he was fired, the company said in a news release. The mental health…
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Dawn Kawamoto reports: An attack on a single IV infusion pump or digital smart pen can be leveraged to a widespread breach that exposes patient records, according to a Spirent SecurityLabs researcher. Saurabh Harit, managing consultant with Spirent, will present his findings on flaws in IV infusion pumps and digital smart pens at Black Hat…