Glad to see this announcement from HHS/OCR: Since the passage of the Health Information Technology for Economic and Clinical Health Act of 2009 and the subsequent implementation of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule, OCR has prioritized investigation of reported breaches of protected health information (PHI). The root causes of…
Category: Health Data
Patient info from Missouri clinic hacked by TheDarkOverlord remains online and available. Why?
In a post yesterday, I reported that protected health information and identity information of patients of Athens Orthopedic Clinic that had been leaked online by hackers remained available to anyone who knows where to look for it. Although it’s frustrating and understandably worrying to patients, I give AOC credit that they tried to find the leaks and plug them. I…
Locky Targets Hospitals In Massive Wave Of Ransomware Attacks
Tom Spring reports: A massive Locky ransomware campaign spotted this month targets primarily the healthcare sector and is delivered in phishing campaigns. The payload, researchers at FireEye said, is dropped via .DOCM attachments, which are macro-enabled Office 2007 Word documents. Especially hard hit are hospitals in the United States followed by Japan, Korea and Thailand, according to research…
Plaintiffs Cannot Bring Data Breach Lawsuits Without Evidence That Information Will Be Used To Harm
Every time there’s a big breach that has consumers or patients outraged, I see rumblings in the Comments section of posts about class-action lawsuits. An article by John Devine, Edward McAndrew, and Gregory Szewczy of Ballard Spahr about a recent opinion in District Court for the D.C. Circuit is a timely reminder of the uphill battle plaintiffs may…
P.E.I. MLA wants answers about privacy breach at care home
Ryan Ross reports: Health P.E.I. started an investigation into allegations of privacy breaches at the Margaret Stewart Ellis Home in O’Leary. Photos were posted on social media and the CBC reported last month the pictures included a headshot of one of the facility’s deceased residents. In addition, an employee had, over a period of…
Rotech Healthcare notifies patients whose details were found in possession of unauthorized individual
Rotech Healthcare Inc., a provider of home respiratory and medical equipment equipment and supplies, notified HHS of a breach involving 957 patients. Here is their notification: Rotech Healthcare Inc. (“Rotech”) would like to notify you of a recent incident that may affect the security of your personal and protected health information. We are providing you…