Emily Tate reports that a vendor in the higher education space exposed more than 1 million potential college applicants’ information due to a misconfigured rsync backup: The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers —…
Category: U.S.
A covered entity’s responsibility to monitor a business associate is…. what?
There is yet another really informative post by Jeff Drummond of Jackson Walker. This one is about a CE’s responsibility to actively monitor a BA’s compliance. Jeff writes, in part: Lexology today led me to this article by Adam Green’s crew at Davis Wright Tremaine. It turns out, there is specific language in the December…
A Notice to Patients of West Kendall Baptist Hospital
Baptist Health has a long-standing commitment to protecting the privacy and confidentiality of patient information entrusted to us. We deeply regret that, despite our efforts and commitment to protecting patient privacy, we experienced a security breach at West Kendall Baptist Hospital that included some of our patients’ information. On March 9, 2018, we discovered that…
MD: Bowie Doctor Indicted For Health Care Fraud And Identity Theft
Greenbelt, Maryland – A federal grand jury has indicted Sampson Sarpong, age 61, of Bowie, Maryland, today on charges related to a scheme to defraud health care benefit programs and aggravated identity theft. The indictment was returned on April 4, 2018, and unsealed today upon the arrest of Sarpong. The indictment was announced by Acting…
NYC: Former Receptionist Who Stole Identities of More Than 650 Dental Patients Sentenced to 2-to-6 Years in Prison
There’s a follow-up on a case first reported in 2015, although we still do not know the name of the victim dental practice: Manhattan District Attorney Cyrus R. Vance, Jr., today announced the sentencing of ANNIE VUONG, 31, to 2-to-6 years in state prison for stealing personal identifying information from more than 650 patients at…
Integrated Rehab Consultants notifying patients after potential breach first discovered in 2016
From their press release: On December 2, 2016, Integrated Rehab Consultants(“IRC”) was contacted by a healthcare researcher regarding IRC data that was present on a public repository. IRC immediately commenced an investigation and determined that an IRC vendor provided IRC data to another third-party vendor who then inadvertently uploaded the data to a public repository. …