Andrea K. McDaniels reports: A doctor’s practice plan affiliated with the University of Maryland School of Medicine has notified patients that somebody hacked the account of a physician assistant’s email account that contained the personal information of patients. The orthopedics practice at The University of Maryland Faculty Physicians Inc. mailed letters to about 1,500 patients…
Category: Health Data
Summit Reinsurance Services breach affected 19,000
The Summit Reinsurance Services ransomware breach, noted previously on this site, is beginning to attract more attention. First State Update reports: As a result of multiple consumer complaints, the Delaware Department of Insurance has been made aware of a security breach, involving Summit Reinsurance Services, Inc. (“SummitRe”) and BCS Financial Corporation, both subcontractors of Highmark…
“….and in no case later than 60 calendar days after discovery of a breach”
I’ve been encouraging (ok, nagging) HIPAA lawyer Jeff Drummond of Jackson Walker to write a post explaining what the 60-day notification provision really means in HIPAA, as I’ve always had a lot of questions about it, such as: Does the 60-day clock start when the covered entity (CE) first discovers that they might have a…
Marijuana dispensaries hit by hack of tracking software system
Dan Adams reports: Marijuana shops across the country, including seven medical dispensaries in Massachusetts, are being affected by the apparent hack of a sales and inventory system widely used in the cannabis industry. […] MJ Freeway, a Denver company whose “seed-to-sale” tracking software is used by hundreds of marijuana companies to comply with state regulations,…
Canadian plastic surgery center and spa were leaking patient files
Dr. M.W. Elmaraghy, a Canadian plastic surgeon, owns SpaSurgica, an outpatient plastic surgery clinic in Waterloo. He also owns Rejuvenate Medical Spa, which is at the same location as SpaSurgica. On December 27, Bob Diachenko of the MacKeeper Security Research team contacted DataBreaches.net to say they had discovered patient data from those two entities was exposed and that anyone could…
Cosmetic surgery center discloses ransomware attack
The Susan M. Hughes Center is a cosmetic surgery and medical spa with locations in New Jersey and Pennsylvania. On December 27, they notified HHS of a ransomware incident affecting 11,400 patients. The following is their statement about the incident: The Susan M. Hughes Center is committed to maintaining the privacy and security of patient information we maintain. This…