Hill Country Memorial Hospital (“Hill Country”) of Fredericksburg, Texas has advised its patients and some job applicants of a privacy event that may have compromised certain personal information. On April 21, HCMH issued the following press release: Hill Country Memorial Hospital (“Hill Country”) of Fredericksburg, Texas has advised its patients and some job applicants of…
Category: Health Data
Pentucket Medical notifies employees and patients of data security incident
Speaking of confusing incident reports, Pentucket Medical in Massachusetts reported a somewhat confusing incident to the New Hampshire Attorney General’s Office. It seems that on January 18, four boxes of mainly physician/clinician records were removed from CubeSmart Storage Facility by another client of the facility. Why that client might knowingly remove those cartons, and how…
Harrisburg Gastroenterology notifies patients of data security incident
Harrisburg Gastroenterology, Ltd. issued a press release yesterday that leaves a lot of questions unanswered: Harrisburg Gastroenterology, Ltd. announced today that it is notifying individuals related to a privacy incident involving certain patient information. On March 17, 2017, following an investigation of potentially suspicious system activity, Harrisburg Gastroenterology determined that an unauthorized individual could have…
UK: Fertility patient data breach fine would have been much higher under GDPR
John Bryan uses a recent monetary penalty by the Information Commissioner’s Office to contrast what might happen to fines under the GDPR. Fertility patients being treated at the Lister Hospital, part of the US-based HCA Healthcare group, discovered in April 2015 that transcripts of their confidential patient-doctor conversations were publicly available on the world wide web….
Greenway Health Reports Ransomware Attack (Updated)
From Greenway Health: TAMPA, April 24–An apparent criminal cyber attack that has affected a limited portion of its customers was reported today by Greenway Health to its affected customers, the company says. The incident involves “ransomware,” in which the attackers freeze access to data and offer to restore it in exchange for a ransom payment….
AU: Privacy breach costs $23,000 – but could have been worse
Alison Baker and Rhiannon Nixon of Hall & Wilcox write: The Office of the Australian Information Commissioner (OAIC) has ordered Comcare to pay a Defence Force employee $23,000 after it inadvertently published on its website personal information, including sensitive health information, about the employee. For organisations with obligations under the Privacy Act 1988 (Cth), this…