There are a number of unanswered questions about an incident disclosed by RoxSan Pharmacy today. See what you think, starting with their press release of today: As part of its commitment to patient privacy, RoxSan Pharmacy (“RoxSan”) notified 1,049 patients of a potential breach of unsecured personal patient protected health information. RoxSan is notifying affected…
Category: Subcontractor
Entergy notifies employees of W-2 breach involving TALX portal
So this is not a W-2 phishing situation, but TALX – a wholly-owned subsidiary of Equifax – is working with Entergy to notify former and current Entergy employees whose 2016 W-2 data may have been acquired by criminals from the TALX portal. In a letter to the New Hampshire Attorney General’s Office, counsel for TALX…
Sued by Aetna over botched mail notifications, KCC fires back, suing Aetna
“I sue you, You sue me, We both sue too easily. Too easily to let it show. I sue you and that’s all I know.” — wrote Art Garfunkel never. Alison Frankel reports: A day after Aetna sued the claims administrator Kurtzman Carson Consultants for exposing confidential medical information about Aetna clients in a settlement…
Aetna sues claims administrator KCC over botched notice in HIV case
Alison Frankel reports that Aetna is suing Kurtzman Carson Consultants for exposing plan members’ HIV status in envelope windows sent out in July as part of notifying members of settlement negotiations in other litigation matters. The privacy breach resulting from the exposure resulted in Aetna members experiencing a privacy breach involving sensitive information, and led…
Swisscom data breach: Personal details of one in ten Swiss citizens stolen
Jason Murdock reports: A Swiss mobile phone operator has admitted its data systems were breached late last year and the contact details of about 800,000 customers were compromised. Swisscom said on Wednesday (7 February) that the names, addresses, telephone numbers and dates of birth of customers were accessed by an unknown party, which got the…
Court Declines to Dismiss Claims Against Business Associate Subcontractor Responsible for HIPAA Breach
CVS Pharmacy, Inc. v. Press America, Inc., 2018 WL 318479 (S.D.N.Y. 2018) A federal court has declined to dismiss a lawsuit filed by a pharmacy benefit manager (PBM) against a mail service that violated the HIPAA privacy rule when it misaddressed mail and improperly disclosed protected health information (PHI) of 41 individuals. The PBM, which…