In 2013, I reported on a patient data breach involving LANAP & Implant Center. I followed up on the breach because although 11,000 patients had their unencrypted personal information uploaded to PirateBay, Dr. DiGiallorenzo had seemingly not notified all patients that their information had been compromised and remained at risk of download by criminals on…
Category: Health Data
NY: Hundreds of Personal Medical Records Intended for Lab Faxed to Brooklyn Marketing Firm in Error
Pei-Sze Cheng reports: A Brooklyn marketing office was inundated for months by hundreds of private medical documents meant for Quest Diagnostics, but couldn’t get anyone at the clinical laboratory services company to take action until she called NBC 4 New York’s I-Team. Gabby Klotzman started working for APS Marketing Group in Flatbush in April and…
U. Cincinnati Medical Center email errors affect 1,064 patients
Joe Rosemeyer reports: More than 1,000 patients of UC Health may have had their private information exposed, all because of an email address mixup. The mistake — two letters switched in an email domain name (the part after the @ sign) — happened nine times starting in August 2014, spokeswoman Diana Lara said late Friday…
NC: DHHS discloses second Medicaid data breach
WRAL reports that the North Carolina Department of Health & Human Services has had a second breach involving hundreds of Medicaid patients. It was the second time in as many months that an employee error involving unencrypted e-mail resulted in exposure of patient information. This time, the breach reportedly affected 524 patients. Officials said they have installed…
NJ: Personal records left unprotected at shuttered Brisbane center
Mike Davis reports: Inside the former Arthur Brisbane Child Treatment Center sat piles of cardboard boxes, turning the former psychiatric hospital into a makeshift storage facility. The files contained within run the gamut of both state employees and Brisbane patients, including personal information such as social security numbers, medical history and banking information. The only problem? The…
FTC v. LabMD ruling issued: FTC loses data security enforcement case (Update2)
In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…