From their substitute notice: On August 15, 2016, Mercy Hospital & Medical Center discovered that some medical billing information for a total of 547 patients was potentially exposed as a result of a third-party billing service’s loss of Mercy’s documents from their offices. The information exposure occurred on August 15, 2016. We have taken the necessary…
Category: Health Data
$2.14 million HIPAA settlement underscores importance of enterprise-wide risk analysis
St. Joseph Health (SJH) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules following the report that files containing electronic protected health information (ePHI) were publicly accessible through internet search engines from 2011 until 2012. SJH, a nonprofit integrated Catholic health care delivery…
Indiana business associate providing employee benefits management notifies 7,242 after laptop theft
From their notification letter, which does not explain why it took 2.5 months for them to make notifications nor where the laptop was stolen: We are writing to inform you of a data security incident at Gibson Insurance Agency, Inc. (“Gibson”) that may have resulted in the disclosure of your personal information, including your name…
Rainbow Children’s Clinic notifies 33,368 patients of ransomware attack
On October 4, Rainbow Children’s Clinic in Texas notified HHS of an incident affecting 33, 368 patients. Here is their notice from their web site, describing a ransomware incident: On August 3, 2016, Rainbow Children’s Clinic was the victim of a hacker who accessed its computer system and then launched a ransom ware attack that…
CalOptima discloses second HIPAA breach in as many months
For the second time in as many months, CalOptima is reporting a breach (see last month’s disclosure, here). According to a statement uploaded to the California Attorney General’s web site: On or about August 17, 2016, a departing CalOptima employee downloaded data, which included protected health information, to an unencrypted USB flash drive. Shortly after,…
Curtis F. Robinson, M.D. notifies patients after ransomware attack on EMR provider
From the press release, this appears to be the same ransomware incident that Marin Medical Practices Concepts previously reported. Both MMPC Prima Medical Foundation subsequently reported that 5,000 patients were being notified that patient records were lost during the backup recovery process. Dr. Robinson’s practice appears to have been similarly affected. On August 22, 2016, Dr….