As I commented to someone recently, a security incident involving Appalachian Regional Hospital facilities in Beckley and Summers County struck me as a really serious one because it was impacting patient care. While ARH responded promptly and initiated its emergency operations plan after detecting that its system was infected, it seemed clear that shifting to an…
Category: Health Data
OR: Asante Notifies Patients of Inappropriate File Access by Employee
The following is a press release: Asante announced today that it is notifying individuals related to a privacy incident involving certain patient information. On July 13, 2016, Asante determined that an employee had inappropriately accessed certain electronic patient records. Asante immediately began an investigation related to this incident and the specific employee, which was completed on July…
PA: King of Prussia Dental Associates and Pediatric Dentistry of Collegeville notify patients after finding computer intrusion
The following is a press release: King of Prussia Dental Associates and its affiliate Pediatric Dentistry of Collegeville (KOP Dental) are committed to maintaining the privacy and security of the protected health care information of the organizations’ patients. Recently, KOP Dental detected irregular activity on a computer server and immediately took action. On or about June 1, 2016,…
Your Life, Repackaged & Resold: Deep Web Exploitation of Health Sector Breach Victims
A paper by James Scott, Sr. Fellow, Institute for Critical Infrastructure Technology, and Drew Spaniel, Researcher, Institute for Critical Infrastructure Technology provides an overview of what’s going on on the dark web when it comes to patient-related information. You can access it here.
KS: Breach of Protected Health Information discovered at Decatur Health Systems
September 7 – OBERLIN, KS – On July 25, 2016, it was discovered that a CAT scan log binder detailing patient information was not in its typical location on the Decatur Health System (DHS) premises. The binder was believed to be taken from DHS premises between 5pm on July 22, 2016 and 7am on July 25,…
Baltimore addiction treatment clinic hacked; patients’ info up for sale on dark web (UPDATED)
The non-profit organization Man Alive in Baltimore provides substance abuse treatment and mental health services to some of the city’s neediest residents. As if the facility didn’t have enough challenges, on August 24, they were hacked, and a patient database with sensitive personal and treatment information was put up for sale on the dark web. DataBreaches.net was first tipped to…