In a recent white paper I co-authored with Protenus, Inc., we noted the significant risks of a breach involving a vendor or business associate. In following up in a subsequent post, I also included a “pop quiz” for readers to use to test their understanding about the terms of any contract they have in terms of…
Category: U.S.
CA: Apria Healthcare notifies patients of breach
Apria Healthcare today announced a data security incident involving unauthorized access to an employee’s email account. Apria Healthcare is one of the nation’s leading providers of home respiratory services and certain medical equipment. Affected individuals may have received certain medical equipment from Apria Healthcare. On August 5, 2016, Apria Healthcare discovered that the email account of…
Surgeon General warns staff that personal information may have been stolen
Eric Yoder reports: The Surgeon General on Monday issued a warning to his staff that is all too familiar to federal employees: Your personal information may have been stolen. In an email, Surgeon General Vice Adm. Vivek H. Murthy told “commissioned corps” employees of the Public Health Service that information, including their names, dates of…
InfoSec: FDA Needs to Rectify Control Weaknesses That Place Industry and Public Health Data at Risk
For years, Congress and federal regulators have been raising concerns about FDA’s infosecurity after report of a hack in 2013. So while the FDA has been issuing lots of statements about securing medical devices and mobile apps, the GAO would like them to know that they need to do a better job on securing their own data: What…
GA: Martin Army Community Hospital can’t individually notify 1,000 patients impacted by insider breach that began in 2011
Larry Gierer reports: All patients who received care through the Martin Army Community Hospital healthcare system are alerted that a possible HIPAA breach occurred at Fort Benning between January 2011 and December 2013. According to a news release on Sunday, the breach was discovered after the hospital was alerted of undetected criminal activity involving identity…
TN: Hutton Hotel notifying guests of breach that began in 2012
Hutton Hotel in Nashville is notifying guests of a that first began on September 23, 2012. In their notification, they write that after being alerted to a potential problem by their payment processor, their outside consultants determined that unknown individuals had been able to install a program on the payment processing system in September 2012. The program could have…