St. Joseph Health (SJH) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules following the report that files containing electronic protected health information (ePHI) were publicly accessible through internet search engines from 2011 until 2012. SJH, a nonprofit integrated Catholic health care delivery…
Category: U.S.
Indiana business associate providing employee benefits management notifies 7,242 after laptop theft
From their notification letter, which does not explain why it took 2.5 months for them to make notifications nor where the laptop was stolen: We are writing to inform you of a data security incident at Gibson Insurance Agency, Inc. (“Gibson”) that may have resulted in the disclosure of your personal information, including your name…
Yahoo Loses Search Engine Partner, First Since Data Breach Reveal
Laurie Sullivan reports: A little-known search engine that focuses on user privacy has canceled its partnership with Yahoo. StartPage made the announcement Monday. “We can no longer have confidence in them,” according to StartPage CEO Robert Beens. He predicts that while his company is the first to part ways with Yahoo, others will likely follow….
TX: Katy ISD notifies parents after third-party error by SunGard K-12
Shelby Webb reports: Katy ISD warned about 78,000 of its students and staff members that their personal data – including social security numbers, names and birth dates – may have been accessed during a security breach. Katy officials notified parents in a letter dated Oct. 7, more than a month after it learned of the…
Rainbow Children’s Clinic notifies 33,368 patients of ransomware attack
On October 4, Rainbow Children’s Clinic in Texas notified HHS of an incident affecting 33, 368 patients. Here is their notice from their web site, describing a ransomware incident: On August 3, 2016, Rainbow Children’s Clinic was the victim of a hacker who accessed its computer system and then launched a ransom ware attack that…
CalOptima discloses second HIPAA breach in as many months
For the second time in as many months, CalOptima is reporting a breach (see last month’s disclosure, here). According to a statement uploaded to the California Attorney General’s web site: On or about August 17, 2016, a departing CalOptima employee downloaded data, which included protected health information, to an unencrypted USB flash drive. Shortly after,…