Sean Sposito reports: In a case that could serve as a warning to other banks that contribute customer data to public storehouses, Citigroup this week acknowledged that it failed to safeguard the personal information — Social Security numbers, birth dates and other sensitive data — of nearly 150,000 consumers who went into bankruptcy between 2007…
Hack exposes e-mail addresses, password data for 2 million Ubuntu Forum users
Dan Goodin reports that e-mail addresses, user names, and password data for every registered user of the Ubuntu Forums—estimated to be 1.82 million accounts—were exposed in a security breach. Read more on Ars Technica.
OR: Samaritan Health investigates improper disposal of medical records
Hundreds of medical records found unshredded in the trash. Again. This time it’s Samaritan Family Medicine Resident Clinic, part of Samaritan Health Services. Police were called but did nothing because, once again, no law was broken. It is disturbing that in 2013, most states still do not have data security or breach laws that include paper…
Would a federal data breach notification law be A Good Thing or not for healthcare?
Modern Healthcare covered a Congressional hearing this week to consider a federal data breach notification law. Congress has been kicking the idea around for years, but one of the big stumbling blocks has been whether any such law would pre-empt state laws. I have long been on record supporting a federal law that pre-empts state…
Hartselle man files complaint after Decatur hospital shares his mother’s personal information with third-party vendor
Anyone can file a HIPAA privacy complaint with HHS, but I’m not confident this one will go anywhere if there is a signed business associate contract in place and the patient signed the privacy practices notice. I do think there needs to be an investigation on the Social Security number part of the complaint, though. See…
Govt. moves to dismiss lawsuit over Dorn V.A. laptop breach
The government has moved to dismiss a potential class action lawsuit after the theft of a laptop with PHI from the Dorn V.A. Medical Center. Their argument: plaintiffs have not demonstrated that the information has fallen into the wrong hands or caused any actual harm to plaintiffs. Read more on Main Justice.