I have to confess I was somewhat surprised to see that HHS’s public breach tool is still adding affected entities to the Advanced Data Processing incident. Whether HHS is just getting around to adding them or whether the entities are first discovering and/or reporting that their patients were involved is not known to me. Readers may…
Updated details on the Penn Highlands Brookville hacking incident
Last month, Penn Highlands Brookville in Pennsylvania disclosed a breach affecting patients of Dr. Barry Snyder. The breach did not affect Dr. Snyder or PHB directly, but rather, it appeared that the firm hosting his patient records may have been compromised. At the time, PHB did not name the third-party vendor. Nor did they indicate how many patients were…
NY: Mount Sinai Beth Israel Hospital reports stolen laptop
One of the incidents added to HHS’s public breach tool this week involves a personal laptop stolen from a Mount Sinai Beth Israel Hospital employee. The incident reminds of us the risks of BYOD when the data are not encrypted. I was able to locate a copy of the hospital’s press release on the incident:…
If you don't respond to notifications of a leak, the problem doesn't go away – it gets worse
On September 3, SLC alleged that WakeMed was leaking patient information: Type: PII Area: Healthcare First Noted: 3 September 2014 Location: NC Total Records: 5000+ Status: Not Monitoring for Follow Up (Not a client) SLC Security Services LLC has noted that this medical establishment has failed to secure patient records. Observed were patient name and date of birth as well as specific…
FL: Defendant Convicted In Identity Theft Tax Fraud Scheme Involving Medical Patients’ Personal Identifying Information
Kenol Augustin, 36, of Miami, was convicted by a federal jury of one count of conspiracy to commit access device fraud, in violation of Title 18, United States Code, Section 1029(b). Sentencing is scheduled for January 15, 2015. At sentencing, Augustin faces up to five years in prison. According to court documents and evidence presented…
Federal sites leaked the locations of people seeking AIDS services for years
Craig Timberg reports: Two federal government Web sites that help people find AIDS-related medical services have begun routinely encrypting user data after years in which they let sensitive information — including the real-world locations of site visitors – onto the Internet unprotected. Until the change, these sites had risked exposing the identities of visitors when they…