On July 12, the hacker known as “The Dark Overlord” (TDO) offered the source code, software signing keys, and customer license database for a firm that develops and markets software that among other things, implements the HL7 standards. The entity was not named in the listing on TheRealDeal Market. As I reported on July 12, I was…
Category: Health Data
Ca: Dr. Fernando Rojas ‘terminated’ for privacy breach
More than two years after a disturbing privacy breach was first disclosed, Dr. Fernando Rojas has – FINALLY – been fired by Vitalité Health Authority for snooping in over 140 patients’ files over a two-year period. Read more on CBC. And yes, if it takes you two years to detect snooping and then another two years to…
Alabama website breach revealed personal data of some state retirees
Mike Cason reports: A Mobile woman who was helping her parents with their state health insurance coverage saw names, dependent’s names, dates of birth and Social Security numbers of other insurance program members on the system’s website. Amanda Murdick said when she opened a portal for members on the website of the Public Education Employees’…
New HHS guidance on Ransomware and HIPAA
I hate it when I tweet something but forget to post it. In today’s installment of “Smacking Myself in the Forehead,” I remember to tell readers that HHS has issued a new guidance on ransomware and HIPAA. A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since…
OHSU pays nearly $3 million over two data breaches in 2013
Lynn Terry has the scoop on what appears to be a new HHS resolution agreement. There’s nothing up on HHS’s site or in my mailbox yet about this one, but I had covered the four breaches mentioned in her report as well as a more recent breach (search OHSU). Oregon Health & Science University has…
Maryland federal judge says possible future injuries not enough in data breach class action
Jessica Karmasek reports: A Maryland federal court, joining a handful of other federal courts, recently dismissed a data breach class action for lack of standing. Judge Richard Bennett for the U.S. District Court for the District Court of Maryland nixed the putative class action brought against CareFirst Inc. and CareFirst of Maryland Inc. The plaintiffs,…