Speaking of a contractor’s employees exceeding authorized access, Chidanand Rajghatta reports that a Wisconsin federal jury slapped a $940-million penalty, including $700 million in punitive damages, on Tata Consultancy Services (TCS) for allegedly stealing healthcare software from an American company, Epic Systems. Epic Systems, a US-based electronics medical records vendor, had accused TCS of stealing documents and…
Search Results for: HCA
Vulnerabilities in a Third-Party Healthcare Payment Processor
Randy Westergren looked into Christiana Care’s online payment portal, which involves a third party payment processor developed by BYL Companies, LLC. What Randy found was very concerning, and he promptly notified BYL of his findings. You can read his write-up of it all on his site. So here’s the thing: how many people may have actually exploited the vulnerability…
Featured Story: Henry Ford Healthcare System: creating a culture of privacy
Over the past decade of reporting on healthcare sector breaches, I can probably count on one hand the number of entities who have impressed me that they really “get” that responding to a privacy breach is not primarily about data or statutory notifications. It’s about addressing any distrust or anxiety patients may feel about you protecting their confidentiality, because…
Former Healthcare Employee Indicted for Involvement in Stolen Identity Tax Refund Fraud Scheme and Unauthorized Disclosure of Patient Information
Another one of those all-too-infrequent criminal cases for violations of HIPAA, tacked on to the usual charges…. A Montgomery, Alabama resident self-surrendered earlier today after she was indicted March 3 on one count of multi-object conspiracy to commit identity theft and wire fraud, two counts of possessing 15 or more unauthorized access devices, two counts…
Premier Healthcare notifying 200,000 patients after laptop with PHI stolen from office (UPDATE3)
UPDATE: The stolen laptop was recovered on March 7. See the update here. Original story: Lauren Slavin reports: Premier Healthcare patients are being notified of a possible data breach after a laptop with personal patient information was apparently stolen from the Bloomington office. More than 200,000 Premier Healthcare patients’ names, addresses, Social Security numbers and…
BJC HealthCare Accountable Care Organization Notifies Patients of Unencrypted Email
(Feb. 26, 2016, ST. LOUIS) – BJC HealthCare Accountable Care Organization (BJC ACO) has notified 2,393 patients that identifying information was sent to a participating medical practice through an unencrypted email. All affected patients have been offered identity theft protection free of charge. BJC ACO discovered on Dec. 30, 2015, that an email containing health information…