Keiran Southern reports: Confidential medical records belonging to dozens of North East patients have gone missing from Tyneside hospitals. The documents were taken after being left unsecured in a van outside a property in Fenham, Newcastle. Thieves stole the vehicle holding 143 private medical records of patients at the Royal Victoria Infirmary, Freeman Hospital and Campus for…
Category: Health Data
Mercy Iowa City and Mercy Clinic notify patients after alerted to malware by law enforcement (updated)
Update of March 28: This breach reportedly affected 15,000 patients. Public notice from Mercy Iowa City, dated March 25: Notice to our Patients Regarding a Privacy Incident Mercy Iowa City (“Mercy”) is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice concerns an incident involving some of that information. On…
JASACare notifies 1,154 patients of breach
HIPAA Journal reports: JASACare, a New York-based home care services provider, has reported it has been attacked by hackers who managed to gain access to its email system. The attack is believed to have been conducted in order to steal money from corporate accounts by making fraudulent bank transfers. However, as a consequence of the breach of…
Elliot J. Martin Chiropractic notification to patients of HIPAA breach
Ah. I was waiting for an explanation of an entry in HHS’s breach tool about a Long Island chiropractic practice incident that impacted 1,200 patients. Here it is, below. I’m pleased to see that the doctor is now removing some identity information from the system. I wish more practices would do that. This Notice of Potential Breach of Personal…
When do covered entities need to report ransomware incidents to HHS?
At the PHI Protection Network conference last week, we spent a lot of time discussing the increasing rate of ransomware attacks. I asked a number of people whether they thought that ransomware attacks that (merely) locked up the data with no evidence of exfiltration had to be reported to HHS. I got a variety of…
Ontario hospital website may have infected visitors with ransomware, security firm says
Emily Chung reports: The website of an Ontario hospital may have infected the computers of patients and staff with ransomware planted on the site during a hack attack, the internet security company Malwarebytes warns. Norfolk General Hospital, located in Simcoe, Ont., confirms its website was hacked by cybercriminals, but denies that visitors were ever at risk. […] Jérôme Segura, a senior security researcher with Malwarebytes, reported in a blog…