U.S. HealthWorks, a Dignity Health member, is notifying employees that one of their fellow employees screwed them by leaving a laptop with their unencrypted name, address, date of birth, Social Security number, and job title in a car, from where it was stolen overnight. Well, they don’t describe it that way, but that’s the net result,…
Category: Health Data
Data breach lawsuit against UPMC by employees dismissed
It was one year ago that a lawsuit was filed against the University of Pennsylvania Medical Center (UPMC) over a data breach that allegedly resulted in many employees becoming victims of tax refund fraud. Now Adam Brandolph reports that the lawsuit in Common Pleas court was dismissed by an Allegheny County judge. Common Pleas Judge R. Stanton Wettick…
Buffalo Heart Group discovers insider wrongdoing involving patient information
Jill Perkins of WKBW in Buffalo, New York posted a statement from attorneys for the Buffalo Heart Group: The Buffalo Heart Group, LLP, a local medical practice, uncovered a serious breach of its computer system that took place in the Spring, 2014 and affected between 500 and 600 of its patients. The recently completed internal…
Jersey City Medical Center employee gaffe exposed patients’ PHI in e-mail attachment
Add Jersey City Medical Center to entities experiencing an e-mail breach of PHI. From their statement of April 20, 2015: On February 19, 2015, as part of routine hospital operations, an employee of Jersey City Medical Center accidentally sent an e-mail meant for internal use that included an attached spreadsheet with some patient information to…
Update: Boyd Hospital recovers records that had become new building owner’s property
HIPAA Journal has an update to a situation I had previously noted on this site – a hospital that failed to remove stored medical records from a building before its new owner took possession – despite, the new owner says, repeated calls on his and a realtor’s part alerting them to the situation. The hospital attempted…
United Recovery Group notifying patients of HIPAA privacy breach (updated)
Florida-based Unity Recovery Group is notifying patients of a HIPAA breach that involved disclosure of their protected healthy information to providers outside their network without prior written consent. The breach apparently began in April 2014 and continued for a full year, until it was discovered in April of this year, as their letter explains: We…