The Susan M. Hughes Center is a cosmetic surgery and medical spa with locations in New Jersey and Pennsylvania. On December 27, they notified HHS of a ransomware incident affecting 11,400 patients. The following is their statement about the incident: The Susan M. Hughes Center is committed to maintaining the privacy and security of patient information we maintain. This…
Category: Health Data
HHS OCR: Henrico Sen. Dunnavant’s political letter to patients broke health privacy rules, but no sanctions needed
There’s a follow-up to an HHS OCR investigation that I had noted back in October, 2015. And since we don’t see many OCR investigations reported like this one, it’s worth noting. Politicians who are also HIPAA-covered entities, in particular, may wish to take note. Graham Moomaw reports: State Sen. Siobhan S. Dunnavant, a Henrico County…
Eastern Health Investigating Unusual Privacy Breach
It was ultimately a case of calling the wrong phone number, but due to a combination of factors, the error wasn’t realized until after some patient information had been revealed. VOCM reports: Eastern Health is investigating after VOCM Backtalk host Pete Soucy found himself in a recent comedy of errors that resulted in a privacy…
First HIPAA enforcement action for lack of timely breach notification settles for $475,000
OCR has announced a settlement involving a breach that I never even reported on this site at the time and that doesn’t appear to have been in the news at the time. A quick look at HHS’s “Wall of Shame” shows two entries for the incident at issue: one entry says it was reported on…
VA: Former Nurse Sentenced for ID Theft and Bank Fraud
There’s an update to a case previously noted on this site. Capri M. Williams, 26, of Richmond, was sentenced today to three years in prison for identity theft and bank fraud crimes related to her stealing personal identifying information (PII) of hundreds of patients while employed at Commonwealth Primary Care (CPC), Inc., in Richmond. Williams…
Misconfigured MongoDB database exposes sleep disorder program patients’ information
I blacked out while driving and wrecked …. So begins a message that was just one of more than 1,000 messages and more than 1,200 patient profiles exposed to the world because a sleep disorder clinic serving military personnel had a misconfigured MongoDB database that was indexed by Shodan. Thankfully, the files were still intact when MacKeeper Security Research…