WCSC reports that 360 patients of Roper St. Francis Hospital will be getting a letter about a lost flash drive that contained what a hospital spokesperson described as “limited patient information.” The information may be “limited,” but it still is sensitive: names, ages, diagnoses, and dates of procedures. Hospital officials say a thorough search and investigation was conducted, and…
Category: Health Data
Security Advisory – PillPack.com Online Pharmacy
Yakov Shafranovich found a vulnerability that exposed patients’ prescription histories to others as long as the other(s) had their full name and date of birth: During the signup process, PillPack.com prompts users for their identifying information. In the end of the signup rocess, the user is shown a list of their existing prescriptions in all…
Ca: Confidential medical records found abandoned
So HHS discloses a settlement with a pharmacy that did not properly dispose of patient records, and now we hear that a Canadian pharmacy has also failed to dispose of records properly. CTV reports: A discovery inside an apartment building’s recycling bin has one London man fuming, after private medical documents from a nearby pharmacy…
CA: Court orders hospital to release staff info following patient privacy breach
SanDiego6 reports: County USC-Medical Center must turn over the names and duties of all nurses and other medical personnel who treated a La Canada Flintridge woman who stuck pencils in her eyes in a suicide attempt as well as the identifications of staff supervisors, a judge ruled Thursday. The self-mutilated woman’s image was captured by…
Breach notification letters create second breach for health co-op
I had been a bit critical in reporting on a recent breach involving the Oregon’s Health Co-Op, writing: In reading the substitute notice below, note that they do not say from where the laptop was stolen, nor how many were affected. And what kind of “commitment” to privacy is it to just password-protect a laptop…
Phishing attack hits another healthcare system
Partners Healthcare System has become the latest healthcare system to disclose that patient data was compromised by employees falling for phishing attacks: Partners HealthCare System, Inc. and its affiliated institutions and hospitals, including Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital,North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital (“Partners…