Hot off the presses: there’s been another settlement announced by OCR. This one involves Lahey Hospital and Medical Center (Lahey Clinic Hospital), who have agreed to pay $850,000 and to adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Lahey is a nonprofit teaching hospital affiliated with Tufts Medical School, providing primary…
Category: U.S.
OPM OIG Audit Finds Significant Problems Remain
From the Executive Summary of FY 2015 FISMA Results: The significant deficiency related to information security governance has been dropped due to the reorganization of the Office of the Chief Information Officer (OCIO). OPM’s system development life cycle policy is not enforced for all system development projects. OPM does not maintain a…
Personal data of thousands of Jefferson Co. residents exists online
Eric Besson reports: As public anxiety persists over regular reports of major data breaches, Social Security numbers of up to thousands of current and former Jefferson County residents can be found online in electronic county records, increasing locals’ vulnerability to a costly and stressful ordeal. The issue lingers from an unresolved statewide privacy gap spotted almost a…
Maine’s Yellowfront Grocery hit by payment card breach
Yellowfront Grocery in Damariscotta, Maine, notified its customers via Facebook that it had experienced a point-of-sale (POS) breach on Oct 23. SCMagazine has some of the details. h/t, @VERISDB
Dallas County has been exposing tens of thousands of people’s SSN and details for more than a decade – CBS
CBS Dallas isn’t revealing details because, despite their warnings to the county for 6 months and despite assurances from the county that it would address the problem, Dallas County still hasn’t secured the personal information of tens of thousands of North Texans. Personal information, including Social Security Numbers, addresses, dates of birth, and driver’s license numbers have reportedly…
FL: Federal jury finds wrongdoing, but no emotional distress, in records snooping case
Well, this is different. A jury actually found for a plaintiff who alleged snooping in her driver’s records – and awarded her damages that included penalizing the Marion County Sheriff’s Office for enabling the snooping. Nicki Gorny reports: An Ocala woman did not suffer emotional distress when a former Marion County Sheriff’s Office deputy snooped…