James T. Mulder reports: An Upstate University Hospital employee inappropriately accessed the medical records of 1,216 patients without a work or job-related reason. Upstate announced it is contacting affected patients and the U.S. Department of Health and Human Services about the privacy breach. The former employee accessed the records between Nov. 3, 2016 and Oct….
Category: U.S.
PA: May Eye Care notified 30,000 patients after ransomware incident
Ransomware continues to pose a major threat to covered entities, and not surprisingly, an incident reported to HHS in October by a Hanover, Pennsylvania eye care center turned out to be yet another ransomware incident. The practice kindly sent me a copy of the notification letter they sent to 30,000 patients: Dear Sir or Madam,…
AL: Huntsville Hospital reports employee applicant breach at Jobscience
From Huntsville Hospital, this press release yesterday, seen at WAFF: “Regrettably, we’ve learned that Jobscience, Inc., the vendor which we’ve used for online employment application services since 2006, had a data breach which may have involved information from individuals who applied for jobs at Huntsville Hospital. Because of this, notification letters are being sent to…
TX: Metrocare notifies 1,804 patients after employees’ email hacked
On November 1, the Dallas County Mental Health Mental Retardation Center (doing business as Metrocare Services) notified HHS of a breach affecting 1,804. The following is their published notifcation, provided to this site by their spokesperson. DALLAS, TX – Metrocare Services announced today that it is mailing notification letters to some of its community members regarding…
Southwest Washington Regional Surgery Center notifies 2,393 patients after phishing attack exposed their PHI
The Southwest Washington Regional Surgery Center in Vancouver, Washington, recently notified the Oregon Attorney General’s Office of a breach that they discovered on September 25, 2018. Here is the text of their notification, as posted on their web site: Southwest Washington Regional Surgery Center, LLC (“SWRSC”) is committed to maintaining the privacy and security of…
Sins of Others May be Visited on Employer
Matt Fisher writes: Healthcare organizations are learning tough lessons that actions of employees can come back with serious consequences to the organization. When it comes to maintaining the privacy and security of patient data, no action comes without a consequence. While some actions are completely uncontrollable, that does not necessarily mean that liability cannot potentially…