From the FTC: An Atlanta-based health billing company and its former CEO have settled Federal Trade Commission charges they misled thousands of consumers who signed up for an online billing portal by failing to adequately inform them that the company would seek highly detailed medical information from pharmacies, medical labs and insurance companies. In a…
Category: Uncategorized
Not all medical data is protected by HIPAA, Tuesday reminder (updated)
The Sony Pictures breach, which normally wouldn’t be covered on this blog, serves as a useful reminder of how much medical and/or health insurance information employers hold on employees – information that you wouldn’t want in the hands of hackers. See Brian Kreb’s post today on the Sony breach. The linked file tree directory is concerning….
Highlands-Cashiers Hospital discovers patient data was unprotected for more than 2 years
Highlands-Cashiers Hospital in North Carolina is notifying more than 25,000 patients after discovering that an error by their IT vendor, TruBridge, had exposed patient information on the Internet between May 2012 and September 29, 2014. TruBridge is a wholly owned subsidiary of Computer Programs and Services, Inc. Forensic investigation revealed that although patients’ names, addresses, dates…
Update to Central Dermatology Center breach
It seems Central Dermatology Center notified HHS that 76,258 patients were affected by the malware insertion in August 2012 that went undetected until September 2014.
Confirmed: Visionworks had second data breach
To follow up on a previous post, it seems Visionworks Inc. did have a second breach recently, and like the first one, it involved hardware that went missing after an upgrade. This one affected 48,000 customers in Jacksonville, FL. In a statement posted on their site, Visionworks writes: Statement on recent Visionworks privacy issue SAN ANTONIO…
OH: University Hospitals: Employee gained unauthorized access to 692 patient files in breach
John Cangiglia reports: An employee of University Hospitals improperly accessed medical and personal information of 692 patients over a three-year period, the hospital system said Friday. The employee, who has been dismissed, breached the hospital system’s electronic medical records, allowing the person to gain names, home addresses, phone numbers, email addresses, medical and health-insurance account numbers and…