U.S. – Page 774 – DataBreaches.Net

HHS announces $2.3 million settlement with 21st Century Oncology for violations of HIPAA

Posted on December 28, 2017 by Dissent

I’m not sure why HHS delayed a few weeks in announcing their settlement with 21st Century Oncology, as some of us reported the $2.3 million settlement earlier this month, but HHS has now issued a press release: Failure to protect the health records of millions of persons costs entity millions of dollars 21st Century Oncology,…

H&R Block employee gave drug dealer access to client information, charges state

Posted on December 27, 2017 by Dissent

Phoebe Tollefson reports: An H&R Block employee let a man who sold him pot “help himself” to filing cabinets containing customer information earlier this year in order to settle a debt, prosecutors allege. James Maurice Palmer, 27, faces charges of forgery and identity theft, both felonies, stemming from the incident in April. Read more on…

PA: Employee-patient allegedly photographed during surgery files suit against Washington Hospital and others

Posted on December 27, 2017 by Dissent

Barbara Miller reports: An employee of Washington Hospital who had an operation at her workplace filed a complaint in Washington County Court against the institution, a doctor and several co-workers in connection with photos of her private parts that allegedly were taken and later shared. The plaintiff, identified only as Jane Doe, worked as a…

A tale of three leaks, Wednesday edition

Posted on December 27, 2017 by Dissent

On December 6, DataBreaches.net was contacted by researchers who requested help notifying two entities that they were exposing health information due to misconfigured AWS S3 buckets. They would turn out to be a delight to deal with, unlike a third entity that was also leaking information from a misconfigured S3 bucket. So let’s start with…

Data breach at Ancestry

Posted on December 24, 2017 by Dissent

Judy G. Russell reports: The folks at Ancestry have taken a proactive security step of closing part of the RootsWeb service today after being notified of a security breach affecting one part of the RootsWeb service. The security issue came from a part of RootsWeb that was closed some months ago. It turns out that,…

Colorado Mental Health Institute at Pueblo notified 650 patients after phishing incident

Posted on December 23, 2017 by Dissent

The Colorado Mental Health Institute at Pueblo is under the state’s Department of Human Services. On December 22, it issued a notice following discovery of a phishing incident that potentially affected 650 patients: The Colorado Mental Health Institute at Pueblo (CMHIP) experienced a potential data breach after a staff member on Nov. 1, unintentionally allowed…