St. Joseph Health (SJH) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules following the report that files containing electronic protected health information (ePHI) were publicly accessible through internet search engines from 2011 until 2012. SJH, a nonprofit integrated Catholic health care delivery…
Category: Health Data
Indiana business associate providing employee benefits management notifies 7,242 after laptop theft
From their notification letter, which does not explain why it took 2.5 months for them to make notifications nor where the laptop was stolen: We are writing to inform you of a data security incident at Gibson Insurance Agency, Inc. (“Gibson”) that may have resulted in the disclosure of your personal information, including your name…
Rainbow Children’s Clinic notifies 33,368 patients of ransomware attack
On October 4, Rainbow Children’s Clinic in Texas notified HHS of an incident affecting 33, 368 patients. Here is their notice from their web site, describing a ransomware incident: On August 3, 2016, Rainbow Children’s Clinic was the victim of a hacker who accessed its computer system and then launched a ransom ware attack that…
CalOptima discloses second HIPAA breach in as many months
For the second time in as many months, CalOptima is reporting a breach (see last month’s disclosure, here). According to a statement uploaded to the California Attorney General’s web site: On or about August 17, 2016, a departing CalOptima employee downloaded data, which included protected health information, to an unencrypted USB flash drive. Shortly after,…
Curtis F. Robinson, M.D. notifies patients after ransomware attack on EMR provider
From the press release, this appears to be the same ransomware incident that Marin Medical Practices Concepts previously reported. Both MMPC Prima Medical Foundation subsequently reported that 5,000 patients were being notified that patient records were lost during the backup recovery process. Dr. Robinson’s practice appears to have been similarly affected. On August 22, 2016, Dr….
Subcontractor error exposed Vermont Health Connect customers’ SSNs
AP reports: A security lapse earlier this summer has jeopardized the Social Security information of nearly 700 users of Vermont’s online health insurance marketplace. Vermont Public Radio reports officials learned of the security breach when one Vermont Health Connect customer found her name and Social Security number on an online document while conducting an internet search….