Another day, another successful phishing scheme. In late afternoon on March 1, 2016, Main Line Health learned of a “spear phishing” incident that affected the personal information of all Main Line Health employees. Main Line Health immediately alerted federal authorities, including the IRS and FBI, regarding this incident and is cooperating with their investigation. No…
Category: Health Data
Eye Institute of Corpus Christi notifies patients of breach
Here’s yet another case where patients’ personal information and protected health information was stolen and used to solicit patients to another practice. The Eye Institute of Corpus Christi, through its external counsel, disclosed that on January 6, they learned that individuals associated with doctors formerly employed by the Eye Institute copied the patient database and provided…
UK: Confidential records of 37 Derriford Hospital patients discarded in Truro charity clothing bank
WBGayle reports: Dozens of people’s medical records were found discarded in a charity clothing bank in Truro. Patients receiving care at Derriford Hospital in Plymouth say they were left “shocked” and “disgusted” after learning their records had been put in the bin by a former member of staff at the hospital. The documents contained each patient’s…
IL: FHN Memorial Hospital reveals hard drive with patient info was stolen in December
Adam Poulisse reports: A computer hard drive containing patient information was stolen from FHN Memorial Hospital in December. The hard drive did not contain medical records, but did have internal reports and spreadsheets with patient data, according to a FHN news release. The files may have included a patient’s name, Social Security number, contact information,…
BJC HealthCare Accountable Care Organization Notifies Patients of Unencrypted Email
(Feb. 26, 2016, ST. LOUIS) – BJC HealthCare Accountable Care Organization (BJC ACO) has notified 2,393 patients that identifying information was sent to a participating medical practice through an unencrypted email. All affected patients have been offered identity theft protection free of charge. BJC ACO discovered on Dec. 30, 2015, that an email containing health information…
HIPAA Covered Entities Not Responsible For Intercepted Transmission of PHI When Individual Requested Unsecured Transmission, Office for Civil Rights Concludes
Joseph Lazzarotti of Jackson Lewis highlights an important note in recent OCR guidance: What is a covered entity’s obligation under the Breach Notification Rule if it transmits an individual’s PHI to a third party designated by the individual in an access request, and the entity discovers the information was breached in transit? If a covered…