In June of 2012, I mentioned a dispute between Kaiser and one of its former business associates, Surefile Filing Systems. At that time, Chris Rauber had reported: “Kaiser handed over to me several hundred thousand patient records without a written contract” in 2008 and the following year, said Stephan Dean, who owns Surefile with his wife,…
Category: Health Data
Medicaid fraud scheme used children's Medicaid numbers and misappropriated therapists' Medicaid provider numbers
Here’s a case where Medicaid fraud created mental health and behavioral records in young people’s records that could have come back to cause difficulty for them at some point. The scheme also involved stealing a therapist’s identity/Medicaid provider number, which could have created serious problems for the therapist. The following is part of a press…
Three more breaches I stumbled across
Occasionally I just pop a different search string into Google to see if it reveals any breaches I didn’t know about. Here are three breaches I stumbled across, none of which seem to have been listed on HHS’s breach tool: The first find was a vendor breach affecting Mission Hospital that they disclosed to patients in…
Omnicell databreach affects over 8,500 patients in New Jersey
And yet another organization — South Jersey Healthcare — has come forward to say that their patients were affected by the Omnicell breach discussed previously on this blog. According to The Daily Journal, 8,555 of their patients were affected. Interestingly, The Daily Journal describes the device as a laptop. All other coverage has been silent…
Update on Omnicell stolen device breach: 56,000 Sentara patients impacted
When an electronic device with unencrypted patient information was stolen from the unattended vehicle of an Omnicell employee, the University of Michigan Health System notified 3,997 of their patients, but there were other hospitals that were not named at the time. Thanks to WVEC, we now know 56,000 Sentara Healthcare patients treated between Oct. 18 and…
HHS announces first HIPAA breach settlement involving less than 500 patients
I was hoping we’d get more information about this settlement and now HHS has provided it. As I had suspected, the Hospice of North Idaho breach affected fewer than 500 patients. And as a commenter suggested, the fine was because they had no risk analysis nor policies for mobile device security. From HHS’s press release:…