Yakov Shafranovich found a vulnerability that exposed patients’ prescription histories to others as long as the other(s) had their full name and date of birth: During the signup process, PillPack.com prompts users for their identifying information. In the end of the signup rocess, the user is shown a list of their existing prescriptions in all…
Category: Health Data
Ca: Confidential medical records found abandoned
So HHS discloses a settlement with a pharmacy that did not properly dispose of patient records, and now we hear that a Canadian pharmacy has also failed to dispose of records properly. CTV reports: A discovery inside an apartment building’s recycling bin has one London man fuming, after private medical documents from a nearby pharmacy…
CA: Court orders hospital to release staff info following patient privacy breach
SanDiego6 reports: County USC-Medical Center must turn over the names and duties of all nurses and other medical personnel who treated a La Canada Flintridge woman who stuck pencils in her eyes in a suicide attempt as well as the identifications of staff supervisors, a judge ruled Thursday. The self-mutilated woman’s image was captured by…
Breach notification letters create second breach for health co-op
I had been a bit critical in reporting on a recent breach involving the Oregon’s Health Co-Op, writing: In reading the substitute notice below, note that they do not say from where the laptop was stolen, nor how many were affected. And what kind of “commitment” to privacy is it to just password-protect a laptop…
Phishing attack hits another healthcare system
Partners Healthcare System has become the latest healthcare system to disclose that patient data was compromised by employees falling for phishing attacks: Partners HealthCare System, Inc. and its affiliated institutions and hospitals, including Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital,North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital (“Partners…
Theft of private data on 900 L.A. County-USC patients investigated
Veronica Rocha reports: Officials are investigating a security and privacy breach affecting 900 patients who were treated at the Los Angeles County-USC Medical Center’s mental health facility. The breach was discovered April 3 during a search of the home of a nurse who was employed at the Augustus F. Hawkins Mental Health Center, said Michael…