Brendan Pierson reports: A federal judge has dismissed a proposed class action over a 2015 cyberattack against health insurance company CareFirst BlueCross BlueShield that compromised the data of about 1.1 million people. U.S. District Judge Christopher Cooper in Washington, D.C. ruled Wednesday that the CareFirst policyholders who brought the lawsuit had not shown that they…
Category: Health Data
Three TheDarkOverlord incidents appear on HHS’s public breach tool
Quick note to point out that three of TheDarkOverlord’s victims have reported their breaches to HHS, although the numbers they report do not always match what had been claimed by TDO and previously reported in the media: Midwest Orthopedic Pain and Spine reported that 29,153 patients (not 48,000) were affected; Athens Orthopedic Clinic reported that 201,000…
Walgreens avoids penalty after 9-year privacy breach investigation
I have been following this case from the beginning and wondering why the heck HHS didn’t come down on Walgreens like they did on their competitors CVS and RiteAid. And now we learn that OCR just closed the case with no penalty? Seriously? So CVS and RiteAid get clobbered by both the FTC and HHS/OCR, and Walgreens…….
UK: Domestic abuse privacy breach: Greater Manchester Police pays victim
BBC reports: A domestic abuse victim has received £75,000 from a police force after it revealed details of her treatment by a former boyfriend without her consent. The unnamed woman had agreed Greater Manchester Police (GMP) could refer to her experience in a training session providing she remained anonymous. However, she later learned her identity…
UK: Medical data leak: Doctors hit with £40,000 fine from UK watchdog
Jennifer Baker reports: A doctor’s surgery in Hertfordshire has been fined £40,000 by the UK’s privacy watchdog for giving out personal medical information in breach of data law. Regal Chambers gave information about a woman and her family to her estranged ex-partner, despite staff at the practice being warned that this might happen. Read more on…
What HHS may not do, a state might
Back in June, 2014, this site noted two breaches disclosed by Rady Children’s Hospital in San Diego that involved patient data being disclosed to job applicants. Later that month, we learned that in the process of investigating the two known breaches, Rady uncovered two more such breaches. Rady duly notified HHS in June, 2014. More than two years later, there…