In December, 2012, University Dental Associates at the Maimonides Medical Center in Brooklyn, New York notified 2,400 patients that a laptop containing their PHI had been stolen from their office. Although the theft both occurred and was discovered on November 21, it was not reported to the NYPD until November 26, 2012. The computer was…
Category: Health Data
Oral surgeon notifies former patients after laptop with their PHI was stolen from his office (updated)
Closing a private practice is not the end of our data security concerns, as a breach earlier this year reminds us. In January, attorneys for Lee D. Pollan, DMD, PC notified the NYS Division of Consumer Protection that PHI of 13,806 former patients was on a missing laptop. The laptop reportedly went missing from the…
Lawsuits taking a different tack following healthcare data breaches
Jacob Hale Russell of Thomson Reuters reports that because data breach lawsuits generally get dismissed if plaintiffs cannot show financial harm, lawyers are shifting away from lawsuits based on privacy claims to lawsuits based on theories: But plaintiffs’ lawyers of late have been switching tack: Rather than framing lawsuits stemming from data breaches as privacy…
Parents, patients notified of potential identity theft incident at University of Florida pediatric clinic
Another insider breach for identity theft. Another case where the entity never detected the breach until notified by law enforcement. An employee working at a University of Florida medical practice who had ties to an identity theft ring may have compromised patient personal and health information. UF is notifying 5,682 patients and parents of patients…
Oregon Psychiatric Security Review Board breach disclosed
I was reading an article by Yuxing Zheng of The Oregonian , and noticed a reference to a breach involving the state’s Psychiatric Security Review Board that I don’t recall seeing before: The paper and electronic documents were stolen from an employee’s vehicle on May 16, according to a notification letter the board sent the…
HITRUST confirms a public server was hacked, but no sensitive data involved
Given how many claimed hacks are just — well, let’s just call them flat-out lies — more entities are starting to adopt a verify/confirm first before publishing approach. Or they’re publishing and then trying to confirm – a less desirable approach, in my opinion. Adopting the latter approach, Softpedia reached out to HITRUST after hackers…