Ebony Bowden reports: Police are investigating a major privacy breach at a Melbourne high school, which saw the personal information of families, including their phone numbers, addresses and Medicare details, published online. It’s believed a number of parents at Blackburn High School also provided their credit card details to scammers, after a phishing email masquerading as a…
1.5 million students’ data leaked online, put up for sale for up to Rs60,000
Rozelle Laha reports: Phone numbers, email ID and addresses of at least 1.5 million students are available for a price, although it isn’t clear how this happened. For between Rs1,000 and Rs60,000 it is possible to get information on at least 1.5 million students who appeared for examinations of several types since 2009. Read more on…
Careless handling of HIV information jeopardizes patient’s privacy, costs St. Luke’s-Roosevelt Hospital Center $387k
The U.S. Department of Health & Human Services(HHS), Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on impermissible disclosure of protected health information (PHI). St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid HHS $387,200 to settle potential violations of the HIPAA Privacy Rule…
Medical device containing patient information stolen from DePaul Hospital
Samantha Liss reports: SSM Health has notified 836 patients that their personal information may have been compromised after a medical device was stolen from DePaul Hospital. The device looks like a laptop and that’s likely why it was stolen — not because it contained patient information, SSM Health, owner of DePaul Hospital in Bridgeton, said…
Update: Case Involving Sharing of Passwords May Be Headed to the Supreme Court
Jeffrey M. Schlossberg of Jackson Lewis writes: Last August, we reported on a Ninth Circuit case in which a former employee was convicted of a crime under the Computer Fraud and Abuse Act (“CFAA”) for accessing and downloading information from his former company’s database “without authorization.” The former employee has now asked that the U.S. Supreme review the Ninth…
Where is the future of HIPAA enforcement headed?
Ira Parghi of Ropes & Gray writes: Since January 2016, the OCR has entered into resolution agreements with, and imposed Corrective Action Plans (CAPs) on, providers and others in at least 12 matters involving the Security Rule. It has also imposed a Civil Monetary Penalty on one entity. Most of these cases involve stolen, unencrypted…