DataBreaches.Net

Back in September, PHIprivacy.net noted: 9News reports that Madison Street Provider Network, Inc., dba  Omni Eye Specialists, Spivack Vision Center, Madison Street Surgery Center, Madison Street Anesthesia, and Madison Street Company Nurse Practitioner said they were a target of a data breach and will be notifying patients. Stay tuned, as there’s no notification on any web site(s) yet. The incident has now been added…

An incident recently added to HHS’s public breach tool involves NYU Urology Associates. According to the log entry, 835 patients were affected by a breach that occurred on February 19, 2014. I was able to locate a statement on NYU’s website about the incident: NYU LANGONE MEDICAL CENTER NOTIFIES PATIENTS OF DATA BREACH October 10,…

In the process of investigating a previously-unknown 2011 breach involving NYC Health & Hospitals Corporation (HHC), I discovered that they had a third breach in 2011 that was also only recently discovered and disclosed. This third incident is not in HHS’s public database and won’t be, because it involves less than 500 patients. A statement…

It seems that 2011 was not exactly a stellar year for the NYC Health & Hospitals Corporation (“HHC”) for data security. The first HHC incident was the 2011 breach involving the theft of backup tapes with information on 1.7 million patients. HHC did not incur any monetary penalties for that breach. The second incident, not…

When an employee is terminated, their login credentials to vendors’ databases with PHI must also be terminated. How often do you verify that it is actually being terminated properly? Bon Secours Kentucky notified 697 patients that a former employee had improperly accessed their information from a billing database maintained by Athena.  In a statement uploaded to…