UW Health says that 2,036 patients had information compromised after an employee’s email account was used by an unauthorized user. UW Health says they learned on March 28, 2017 that a breach of information happened on March 16, 2017. Officials say an unauthorized individual got access to an employee’s credentials and email account. UW Health…
Category: Health Data
Calling time of death on HHS’s “breach tool”
I was excited back in 2010 when HHS started posting breaches on what some would call the “wall of shame.” I knew that we’d only learn about breaches involving HIPAA-covered entities, but at least we were finally starting to get some actual data. Now, more than 6 years later, it’s become clear to me that it’s probably best to just call time of death…
Careless handling of HIV information jeopardizes patient’s privacy, costs St. Luke’s-Roosevelt Hospital Center $387k
The U.S. Department of Health & Human Services(HHS), Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on impermissible disclosure of protected health information (PHI). St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid HHS $387,200 to settle potential violations of the HIPAA Privacy Rule…
Medical device containing patient information stolen from DePaul Hospital
Samantha Liss reports: SSM Health has notified 836 patients that their personal information may have been compromised after a medical device was stolen from DePaul Hospital. The device looks like a laptop and that’s likely why it was stolen — not because it contained patient information, SSM Health, owner of DePaul Hospital in Bridgeton, said…
Where is the future of HIPAA enforcement headed?
Ira Parghi of Ropes & Gray writes: Since January 2016, the OCR has entered into resolution agreements with, and imposed Corrective Action Plans (CAPs) on, providers and others in at least 12 matters involving the Security Rule. It has also imposed a Civil Monetary Penalty on one entity. Most of these cases involve stolen, unencrypted…
How ECMC got hacked by cyber extortionists
Henry L. Davis provides some greater depth to the coverage of the ransomware attack on Erie County Medical Center: It was 2 a.m. Palm Sunday. Computer screens across Erie County Medical Center flashed white with bright red words: “What happened to your files?” The ransom demands began with hot pink text. “Step1: You must send us…