Kashmir Hill reports an all-too-common scenario, this one involving security researcher Kristian Erik Hermansen: 1. White-hat hacker discovers vulnerability, tries to notify responsible party. 2. White-hat hacker gets nowhere despite numerous attempts to contact responsible party. 3. White-hat hacker discloses publicly. 4. Responsible party pays attention but is more focused on covering up problem. 5. The…
Category: Health Data
Required HIPAA breach notification or political dirty trick?
Okay, this is a bit different. On January 4, Coulee Medical Center in Grand Coulee, Washington, posted this notice on its web site: This notice is posted pursuant to federal Health Insurance Portability and Accountability Act of 1996 breach notification regulations found at 45 CFR Parts 160 and 164 and the Health Information Technology for Economic…
Follow-up: Two Members Of Identity Theft Ring Targeting Government Employees Sentenced
There was a follow-up to this case, published January 10 by the U.S. Attorney’s Office for the Eastern District of Virginia: Adrienne Pritchett, 42, of District Heights, Md., was sentenced to 57 months in prison, followed by four years of supervised release, for bank fraud and aggravated identity theft. Pritchett has also agreed to pay…
OH: Southwest General Health Center notifies obstetrical study participants after binder with PHI lost
Brie Zeitner reports from Cleveland, Ohio: Southwest General Health Center is notifying about 480 patients who were part of an obstetrics study that some of their private information was recently lost, including names, clinical information, data on births and medical record numbers. The data was included in one binder, according to the health system, and the…
WA: Fire department medical response records and personnel information hacked (updated)
Press release from NORCOM, issued yesterday: BELLEVUE, Wash.–The North East King County Regional Public Safety Communication Agency (NORCOM) has announced it is working with local and federal agencies to investigate the security breach of a server that stored records of an estimated 6,000 medical responses for Duvall Fire District 45, Skykomish Fire Department and Snoqualmie…
What Happens in the Hospital Doesn’t Stay in the Hospital
Melissa Jayne Kinsey compiles some cases where medical personnel breached patient privacy by their use of social media – sometimes intentionally. Read her article on Slate.