Carla Field reports: A health care revenue company says one of its employees looked at nearly two dozen patient records without authorization. Cardon Outreach does contract work for AnMed Health, and has employees on site at the hospital. AnMed said in a release that a Cardon Outreach employee opened 22 patient files without authorization, including…
Category: Subcontractor
MO: A second TheDarkOverlord target confirms hack (updated)
In the past 24 hours, two of TheDarkOverlord’s targets have publicly acknowledged breaches previously reported by this site. Yesterday, it was the Athens Orthopedic Clinic in Georgia who issued a public statement (previous coverage). Today, it’s a group of clinics in Farmington, Missouri (previous coverage). Daily Journal Online reports: The medical group which includes Midwest…
KR: Credit card companies fined over customer data protection failures
For the past few years, I’ve covered the consequences Kookmin, NongHyup, and Lotte Card have faced after cardholders’ information was stolen by an contractor’s employee over an 18-month period from 2012 to 2013. I continue to be impressed that even though some of the fines or consequences haven’t been huge by our standards, there have been consequences to both the…
Leaky database leaves Oklahoma police, bank vulnerable to intruders
Dell Cameron reports: A leaky database has exposed the physical security of multiple Oklahoma Department of Public Safety facilities and at least one Oklahoma bank. The vulnerability—which has reportedly been fixed—was revealed on Tuesday by Chris Vickery, a MacKeeper security researcher who this year has revealed numerous data breaches affecting millions of Americans. The misconfigured…
Yet another entity first notifying patients of Bizmatics, Inc. breach
So it appears that Bizmatics, Inc. has continued notifying entities of their 2015 breach. I stumbled across this one today from Arkansas Spine and Pain. We have been notified by our electronic medical record vendor, Bizmatics, that cyber intruders may have installed malware on their system. Bizmatics learned of the intrusion in late 2015, however,…
Physician took work home, and there it stayed after his employment terminated (UPDATED)
Here’s a breach that was actually disclosed in June, but first was posted to HHS in July. Kudos to HIPAAJournal who found their statement on their website when my old eyes missed the small print. You can read HIPAAJournal’s coverage here. The following is from Midland Memorial Hospital’s statement concerning a breach that impacted 1,468 patients: MIDLAND,…