Steve Orr has a follow-up on the Excellus BlueCross BlueShield data breach that was disclosed in September, but the scant details still available will doubtless continue to frustrate those who want to know how the breach occurred and why it took almost 20 months for Excellus to detect it. And the available facts serve as…
Search Results for: HCA
CT AG Jepsen, Hartford Hospital, Contractor Reach Agreement Resolving Investigation into Breach of Unencrypted Patient Information
There’s an update to a breach that I previously noted in 2012, and it reinforces the importance of your business associate contracts and the importance of monitoring them if you’re a HIPAA-covered entity: Hartford Hospital and the EMC Corporation will pay $90,000 and have agreed to institute additional training and control measures to resolve an…
PHIprivacy.net posts now incorporated in DataBreaches.net
To regular readers of DataBreaches.net and those first migrating over from PHIprivacy.net: Because the time and expense of operating three web sites became seriously headache-inducing for me, I’ve consolidated PHIprivacy.net and DataBreaches.net. All medical/health data breach reports that appeared on PHIprivacy.net have now been incorporated in the “Health Data” category on this site. Non-breach posts from PHIprivacy.net…
NV: Lab Tech Charged With Stealing Patient Information And Using It To Apply For Credit Cards
LAS VEGAS, Nev. – A local woman who worked as a laboratory technician at an unnamed Las Vegas pediatric cardiology practice has been indicted by the federal grand jury on charges that she unlawfully obtained the personal identifying information of a patient and used it to apply for credit cards without the patient’s knowledge, announced…
Hackers target Australian health sector, selling records for A$1,000
Beverley Head reports: Hackers are targeting the Australian health sector, with fully populated digital health records sold on the black market for up to A$1,000 each. Plans to make the personally controlled electronic health record (PCEHR) an opt-out – rather than the current opt-in regime – could significantly expand the range of targets for health hackers….
DEA obtains a federal search warrant for patient data on MicroMD
Justin Shafer pointed me to a case where the government, investigating a healthcare provider, served SaaS MicroMD with a federal search warrant for some patients’ data. You can read Justin’s write-up on his blog, but the case reminds us that patient data can be disclosed to law enforcement without patients’ awareness or consent, and that unencrypted patient…