The following press release is by what appears to be a business associate under HIPAA. It does not name the covered entities whose patients or insured members may have been impacted. Will we see notices from those covered entities? Probably not, unless more than 500 were affected for a particular covered entity. The notice also…
Category: U.S.
Rutledge issues data breach advisories to Arkansas medical providers
Fox16 reports: Arkansas Attorney General Leslie Rutledge today sent an advisory letter to medical licensees throughout Arkansas about their duty to report a data breach under the Personal Information Protection Act (PIPA). The PIPA reporting guidelines, amended in July 2019, mandate that individuals, agencies and businesses notify the Attorney General’s Office at the same time as affected…
TX: City of San Angelo investigating Click2Gov breach
John Tufts reports: The City of San Angelo is investigating a security breach with the city’s online water billing system after fears customer’s credit card information may have been stolen. “Some water customers may have noticed irregularities with their credit and debit card accounts after recently paying their monthly statement through the City’s online payment…
Exclusive: More than 90,000 patient billing files from an alcohol and drug addiction treatment network exposed online
Update: On December 2, Sunshine Behavioral Health reported this incident to HHS as impacting 3500 patients. They also ticked the box for Business Associate. Update 2: On January 23, 2020, ID Experts submitted a copy of their notification to patients to the Vermont Attorney General’s Office. Another day, another leak. In this case, an error…
Medical supply firm notifies patients after phishing incident
Updated Nov. 20: This incident was reported to HHS as impacting 114007 patients. Original post: Solara Medical Supplies, LLC in Chula Vista, California is notifying some of their patients and employees after discovering that attackers had successfully gained access to some employees’ email accounts that contained employee and patient information. According to a press release…
Dallas man convicted of computer fraud, aggravated identity theft in hacking of New York-based tech company
Mathew Richards reports: Following a five-day trial, a Dallas man was convicted on Friday on charges for computer fraud and aggravated identity theft in connection with his hacking of a New York-based technology company, according to the U.S. Attorney’s Office and the Albany Field Office of the Federal Bureau of Investigation. 30-year-old Tyler C. King…