Common sense dictates that patients’ protected health information should not be made freely available on FTP servers that have no login required. And yet it still happens, and has happened again. Recently, this site learned of another FTP server exposing patients’ information. This particular FTP server belongs to MedEvolve, an Arkansas company that provides practice management…
Category: Subcontractor
Mason Law Office notifies clients of hack involving mycase.com
So for a law firm, I would think this would be a really bad breach to have to disclose. Mason Law Office in Sacramento sent a copy of their notification to the California Attorney General’s Office. Their notification reads, in part: What happened? On or about May 5, 2018, we discovered evidence of unauthorized access…
Mississippi State Ed Dept. says contractor failed to provide test results on time
Questar Assessment, who has been named in about half a dozen posts on this site in 2018 already, makes the news again, it seems. Now Kayleigh Skinner reports: The Mississippi Department of Education says local school districts are receiving student tests scores later than expected because the testing vendor didn’t submit them on time. On…
Data breach affects nearly 900 patients from two San Francisco hospitals
Catherine Ho reports: The personal information of nearly 900 patients of San Francisco General and Laguna Honda hospitals was breached after a former employee of one of the hospitals’ vendors got unauthorized access to the data, the San Francisco Public Health Department said Friday. The data included patients’ names, dates of birth, medical record numbers…
Remember your baby’s newborn pictures? They may still be online.
UPDATED April 23, 2021: Apparently people find this news article in Google search results and then contact me via email or phone to ask about getting their newborn’s photos. This is a news article written in 2018. Neither I nor DataBreaches.net have your baby’s photos. Do not call me or email about them as I…
FastHealth breach still first being disclosed to some clients’ patients
Ugh. The FastHealth breach is still dripping out with yet more people first being notified. This time, it’s Cullman Regional. There’s no provision in HITECH (at least as far as I know) that would require a business associate to make one public disclosure of how many patients, total, have to be notified about an incident….