To follow up on two recent breaches: Rady Children’s Hospital has uploaded notification of their recently disclosed breaches to the California Attorney General’s site. Their notification for the 2014 breach can be found here (pdf). Their notification for the 2012 breach that they discovered in the process of investigating the 2014 breach can be found…
Category: Uncategorized
No Section 230 immunity for healthcare software provider
Evan Brown discusses an interesting court case, Hardin v. PDX, Inc.,: Cases dealing with the Communications Decency Act often involve websites. See, for example, the recent decision from the Sixth Circuit involving thedirty.com, and earlier cases about Roommates.com and Amazon. But this case considered a sort of unique suggested application of Section 230 immunity. The question was whether a provider…
Ca: Rouge Valley faces $400M class-action lawsuit over privacy breach
Joel Eastwood reports: A $412-million class action lawsuit has been brought against a Scarborough hospital on behalf of thousands of patients whose personal information was leaked by two former employees. The hospital revealed earlier this month that the contact information of as many as 8,300 patients at Rouge Valley Centenary, mainly mothers who gave birth…
Hospital Networks Are Leaking Data, Leaving Critical Devices Vulnerable
Kim Zetter reports: Two researchers examining the security of hospital networks have found many of them leak valuable information to the internet, leaving critical systems and equipment vulnerable to hacking. The data, which in some cases enumerates every computer and device on a hospital’s internal network, would allow hackers to easily locate and map systems…
CT: Community Health Center suing a former IT director over alleged data breach
Alex Gecan has an update on an alleged breach that I had noted here with the caution: This sounds like a bitter termination situation and I wouldn’t rush to any judgement on these allegations until there is more investigation or facts revealed. I’ll repeat that caution now. Gecan reports: A local non-profit health center and…
CA: Riverside County Regional Medical Center notified 563 patients about missing laptop with PHI
Here’s yet another case involving a missing (presumed stolen) laptop with unencrypted PHI that was used with a medical device, but seemingly not physically secured enough. This breach involves the Riverside County Regional Medical Center. I recently reported a similar type of breach at a VA medical center in Denver. The following statement was posted on the hospital’s website today: Hospital Patients…