Kaiser Foundation Hospital Orange County – Anaheim Medical Center is notifying patients of a breach that occurred on September 25. In a letter signed by Julie Miller-Phipps, Senior Vice President, Executive Director of Kaiser Foundation Hospital Orange County, patients were informed that Kaiser Permanente was notified on on September 25 that a flash drive containing patients’ names,…
UK: Your medical records – now on sale
Ross Anderson writes: Your medical records are now officially on sale. American drug companies now learn that MedRed BT Health Cloud will provide public access to 50 million de-identified patient records from UK. David Cameron announced in 2011 that every NHS patient would be a research patient, with their records opened up to private healthcare firms. He promised…
Whose data is it anyway?
John Moore and Rob Tholemeier write: A common and somewhat unique aspect to EHR vendor contracts is that the EHR vendor lays claim to the data entered into their system. Rob and I have worked in many industries as analysts. Nowhere, in our collective experience, have we seen such a thing. Manufacturers, retailers, financial institutions, etc. would…
Evernote tells some users to change their passwords. (Psst! It’s Adobe’s fault…)
Graham Cluley writes: Just like Facebook before it, Evernote has been scouring the list of millions of email addresses and passwords exposed by the recent mega-breach at Adobe. And, if Evernote finds an email address in Adobe’s breached database that matches that belonging to an Evernote user, they are sending them a message telling them to…
Veterans Health Administration Issues Directive Regarding Access To Personally Identifiable Information In Information Technology Systems
WASHINGTON, Nov. 20 — The U.S. Department of Veterans Affairs’ Veterans Health Administration issued the following directive: 1. REASON FOR ISSUE: This Veterans Health Administration (VHA) Directive establishes policy for approving and providing authorized users access to VHA personally identifiable information (PII) in Information Technology (IT) systems of the Department of Veterans Affairs (VA). 2. SUMMARY OF CHANGES: This is a new Directive….
In Monroeville, have politics and personal allegiances trumped data privacy and security?
A PHIprivacy.net editorial. As regular readers know, PHIprivacy.net and PogoWasRight.org have been covering breach accusations involving the emergency medical dispatch (EMD) and police criminal history databases in Monroeville, Pennsylvania. The town’s investigation into the allegations, an independent forensic evaluation of the security controls in use for the systems, and a subsequent state attorney general’s investigation all confirmed…