OS, Inc. provides revenue management (billing) services to covered entities. I recently reported on a phishing-related breach they experienced in 2018 that was first disclosed this month. As I noted in that post, their notification specifically mentioned a number of their affected clients. Their disclosure did not, however, provide a total number of patients affected,…
Category: U.S.
Update: Oklahoma Dept of Securities notifying individuals affected by 2018 security incident
Here’s another case where there’s a long gap between discovery of an incident and notification to individuals. The Oklahoma Department of Securities had an incident that began Nov. 29, 2018. It was discovered December 11, 2018. On January 16, 2019, the agency issued a statement saying: The Oklahoma Department of Securities (ODS) has initiated a…
Pacers company discloses data breach
The company associated with the Indiana Pacers – Pacers Sports & Entertainment (“PSE”) – issued a notice yesterday about a data security incident. Curious as to whether it impacted fans or employees, I skimmed it… only to be reminded yet again that our medical or health data can be breached in all kinds of settings….
25,148 patients served by Southeastern Council on Alcoholism and Drug Dependence notified of ransomware incident
Here’s yet another ransomware incident in which investigators couldn’t really determine whether ePHI were actually accessed, so the entity notified HHS and is notifying patients. In this case, we are dealing with what could be treatment information for more stigmatizing conditions such as alcoholism or addiction. According to their report to HHS, 25,148 patients are…
Independent Health mistakenly emailed information on 7,600 members
Tracey Drury reports: Protected health information on more than 7,600 Independent Health members was accidentally emailed to a member in March, a breach that violates federal privacy laws. The Amherst-based health plan told members that an employee inadvertently emailed documents containing their information on March 19 to an unauthorized recipient who happened to be an…
TX: UMC Physicians Notifies Patients of Compromised Patient Data
Press Release: UMC Physicians (UMCP) is educating employees on approved cloud storage solutions and notifying patients of an incident that may have compromised the privacy of protected health information held by their clinic: UMC Southwest Gastroenterology. UMCP has no evidence of actual or attempted misuse of personal information at this time. On March 12, 2019,…