It seems Contra Costa Health Plan discovered that a contractor that they had hired and who had access to EHR beginning on December 1, 2014 had used a falsified identity to get the contractor position. The position involved access to EHR as part of the contractor’s functions relating to utilization management. In a letter to…
Category: Subcontractor
Baylor Scott & White Medical Center – Frisco notifies 47,000 patients after third-party bill payment vendor was hacked.
Baylor Scott & White Medical Center – Frisco, a joint venture managed by United Surgical Partners International (USPI), announced today it has sent letters to approximately 47,000 patients or guarantors whose payment information, including partial credit card information, may have been subject to an inappropriate computer intrusion. Baylor Scott & White Medical Center – Frisco…
Another Click2Gov breach? Why is this still happening?
Hays Post reports: Authorities are investigating a data breach that may have affected hundreds of customers in Kansas. On Friday, the City of Topeka was notified by their Utility Billing Payment System software vendor Central Square that the city had been a potential victim cyber-attack, according to a media release. This potential data breach has…
Twelve US states join for the first time to file multistate data breach lawsuit
Catalin Cimpanu has a good write-up about the multistate lawsuit against Medical Informatics that I noted earlier this week: Attorneys general from twelve US states have joined together to file the first-ever joint cross-state HIPAA lawsuit against a healthcare provider that got hacked in the summer of 2015. The lawsuit, filed in an Indiana court…
Florida contractor physicians’ group settles HHS claims after they failed to have a BA agreement in place with a vendor who had a breach
There is a follow-up to a 2014 breach reported on this site at the time. But it turns out there was an interesting twist to this case that HHS followed up. Here is their press release: Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the…
Medical Informatics sued by multiple states over 2015 breach
A 2015 hack of Medical Informatics stayed in the headlines for quite a while because it compromised the data, including health information, of 3.9 million people. In addition to suits filed by consumers, state attorneys general have also sued the business associate, as Dave Gong reports: Fort Wayne-based Medical Informatics Engineering Inc. failed to secure…