I’ve occasionally blogged about the risks of breaches following major storms or weather events. Today I’ve learned that at least one New York hospital suffered a breach after Hurricane Sandy. Due to the storm surge, Coney Island Hospital’s Ida G. Israel Community Health Center in Brooklyn experienced structural damage. The New York City Health & Hospitals…
University Dental Associates LLP notified 2,400 patients of stolen laptop
In December, 2012, University Dental Associates at the Maimonides Medical Center in Brooklyn, New York notified 2,400 patients that a laptop containing their PHI had been stolen from their office. Although the theft both occurred and was discovered on November 21, it was not reported to the NYPD until November 26, 2012. The computer was…
NYS DMV clerk charged with illegal search of DMV records
New York State Inspector General Catherine Leahy Scott announced today that a Seneca County clerk has been charged with illegally accessing the computer records of a local motorist. Patricia I. Bourne, a 56-year-old License Clerk from Waterloo, was charged with 11 felony counts of Computer Trespass and one misdemeanor count of Official Misconduct for repeatedly…
Rosewood Inn of the Anasazi to notify customers of security breach
So it seems Anasazi Hotel LLC had a server compromise that began on June 18, 2012, but they didn’t find out until they were notified by their card processor on March 21, 2013. Now, almost a year after the breach began, they will first be sending out letters to those who stayed at the Rosewood…
Oral surgeon notifies former patients after laptop with their PHI was stolen from his office (updated)
Closing a private practice is not the end of our data security concerns, as a breach earlier this year reminds us. In January, attorneys for Lee D. Pollan, DMD, PC notified the NYS Division of Consumer Protection that PHI of 13,806 former patients was on a missing laptop. The laptop reportedly went missing from the…
Data breach notification rules should only apply where individuals are ‘severely affected’, say EU Ministers
Out-Law.com reports: Businesses should only have to report that they have experienced a personal data breach in cases where it is likely that individuals’ rights and freedoms have been “severely affected” by such a breach, EU Ministers have proposed. The Working Party on Information Exchange and Data Protection (DAPIX), set up within the structure’s of…