First, a quick update on the Athens Orthopedic Clinic breach: It took two requests, but I’m pleased to report that Pastebin removed three pastes with over 1,350 patients’ information. Those pastes were separate from an earlier paste with an additional 500 patients’ information. News outlets that continue to report that 500 patients’ information was exposed and put up for sale are, to…
Category: Health Data
When is a PHI breach reported to HHS not a breach of PHI?
Back in March, this site reported on an incident disclosed by the Eye Institute of Corpus Christi. The incident involved individuals copying the patient database and providing it to doctors formerly associated with the entity. The doctors then allegedly used the information to recruit patients to their practice. It was not clear from the notification…
OCR closes investigation of Bizmatics, Inc. breach
In doing some of my weekly investigating, I discovered that OCR seems to have closed its investigation into the Bizmatics, Inc. breach that affected an untold number of PrognoCIS customers and their patients. At last count, I think we knew about almost 300,000 patients that were notified of an incident where Bizmatics could not even…
Details emerge on Cefalu Eye-Tech of Green breach
As much as I try to find or obtain details on breaches in a timely fashion, it’s not always possible. For example, this month, there are several entities who reported breaches to HHS but have not responded to email and/or phone requests from this site for explanations of their incidents. But now we finally have…
Unorthodox Muddy Waters Partnership Targets St. Jude’s Devices
More on a situation I noted yesterday. This approach to using/monetizing vulnerability discoveries is downright scary…. but will it work to improve security? Here’s one of your must-reads for today. Jordan Robertson and Michael Riley report: When a team of hackers discovered that St. Jude Medical Inc.’s pacemakers and defibrillators had security vulnerabilities that could put…
NYC students’ personal info left on street in careless breach
For your “Why is this still happening in 2016?” file: Just one day after New York State Education Department announced it has appointed its first Chief Privacy Officer, WABC reports: In a shocking breach of confidential information, names, addresses, even social security numbers for students and parents were found outside a Bronx school. Eyewitness News has learned…