In March, 2015, the D.C.-based Children’s National Medical Center notified 18,000 patients of a breach that occurred between July 26, 2014 and December 26, 2014 after employees fell for phishing emails. In May, 2015, they were sued over that breach. Now, CNMC has disclosed another breach, this one involving a former vendor who provided medical transcription services. Their press…
Category: Health Data
Student disability info ‘lost’ by uni was unencrypted and unsecured
Tom Joyner reports: The disability information of nearly 7,000 current and former students of the University of Sydney “lost” in a major privacy breach in February was unencrypted and unsecured, an internal review of incident has found. The information was lost when a software developer employed by the University left a laptop containing a student disability…
Breach at vendor’s results in Mayfield Brain & Spine patients receiving emails containing malware
CINCINNATI, OH: On February 23, 2016, many people began receiving a fraudulent email titled “Important Information: invoice 11471” from an unauthorized person who had accessed Mayfield Brain & Spine’s account at an outside vendor. This email was not sent by Mayfield. Mayfield notified recipients of the malicious email as soon as possible that same day,…
Ca: Confidential patient records accessed by Inuvik Hospital employees
Following up on an investigation first disclosed in February, CBC News reports: The Beaufort Delta Health Authority confirmed today that there was a breach of patients’ health records by employees at the Inuvik Hospital. The hospital said it has sent letters to 67 patients informing them their health records had been compromised. Read more on…
Chelsea and Westminster NHS trust fined £180,000 for HIV newsletter data breach
There’s a follow-up to the breach involving the 56 Dean Street clinic in London run by the the Chelsea and Westminster NHS Trust. The breach involved a staff member accidentally exposing all recipients of an HIV newsletter in the To: field. Today, the Information Commissioner’s Office announced a monetary penalty stemming from the incident: A London NHS…
Ohio Department of Mental Health and Addiction Services (OhioMHAS) notifies patients of PHI exposure
This April 22nd notice seems to have flown under the media radar: The Ohio Department of Mental Health and Addiction Services (OhioMHAS) today notified the public of a privacy incident involving protected health information (PHI). The issue involves a February 2016 postcard sent to consumers of mental health services inviting participation in a satisfaction survey….