HHS has announced a settlement with St. Elizabeth’s Medical Center (SEMC) that relates to two potential HIPAA violations – neither of which have been reported previously on this site or PHIprivacy.net and neither of which appear on HHS’s public breach tool: St. Elizabeth’s Medical Center has agreed to settle potential violations of the Health Insurance Portability…
Category: U.S.
What Happened At OPM?
Add Adam Shostack’s post to your must-read list. Here’s a snippet: The National Journal published A Timeline of Government Data Breaches: I asked after the root cause, and Rich Bejtlich responded “The root cause is a focus on locking doors and windows while intruders are still in the house” with a pointer to his “Continuous Diagnostic Monitoring Does…
Four months after confirming payment card breach, Mandarin Hotel begins notifying customers
Back on March 4, Brian Krebs reported that the Mandarin Hotel had confirmed a payment card breach affecting some customers. The breach wasn’t reported to the California Attorney General’s Office until today, however. In a letter from their external counsel, the hotel chain explains: On February 25, 2015, Mandarin Oriental was alerted to the suspected…
Hershey says data breach compromised guests’ payment card information
AP is reporting that Hershey Entertainment & Resorts says a data breach may have exposed the financial information of some visitors to its Pennsylvania hotels, amusement park and other venues. Cards used at its properties between Feb. 14 and June 2 may have been compromised: Hershey, which operates The Hotel Hershey, Hersheypark Entertainment complex and other facilities,…
Katherine Archuleta, Director of Office of Personnel Management, Resigns
Julie Hirschfield Davis reports: Katherine Archuleta, the director of the Office of Personnel Management, resigned under pressure on Friday, one day after the government revealed that two sweeping cyberintrusions at the agency had resulted in the theft of the personal information of more than 22 million people, including those who had applied for sensitive security…
Howard University Hospital patients received letters meant for others
Julie Zauzmer reports: More than 1,400 Howard University Hospital patients accidentally received letters intended for other patients with the same last names, the university disclosed on Friday. The letters contained only the patients’ names, their account numbers and the dates that they visited Howard University doctors, not any other personal information, the university said in…