Now that California is posting breach notes on its site, I’m finding out about a slew of breaches that I did not find through other sources. Of the 27 breaches they’ve posted since the beginning of this year, I didn’t know about 16 of them: They’ve now all been entered in DataLossDB.org. One just added…
California's breach page increases our awareness of breaches
Now that California is also posting breach reports online, I’m finding out about breaches in the healthcare sector that I’ve not seen in the news or on HHS’s breach tool. As one example, Perry Dental sent notification letters about a burglary that occurred February 16: We are contacting you about a recent burglary in our…
Over 200,000 confidential Medicaid records improperly acquired
No, it’s not Utah, but I can understand why you’d think that. The headline is referring to a totally different Medicaid breach – this one in South Carolina. Jeffrey Collins of Associated Press reports: The agency that runs South Carolina’s Medicaid program says an employee improperly transferred information about more than 228,000 people to a…
Emory Healthcare notifies individuals regarding missing data
Emory Healthcare has determined that 10 backup discs containing information on surgical patients treated between September 1990 and April 2007 are missing from a storage location at Emory University Hospital. As soon as it was discovered that the discs were missing, an extensive search and investigation was initiated and is continuing. It is important to…
HHS settles case with Phoenix Cardiac Surgery for lack of HIPAA safeguards
Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, Arizona, has agreed to pay the U.S. Department of Health and Human Services (HHS) a $100,000 settlement and take corrective action to implement policies and procedures to safeguard the protected health information of its patients. The settlement with the physician practice follows an extensive investigation by the…
UK: Web exposure breach at Toshiba last summer revealed … today?
Toshiba Information Systems (UK) have breached the Data Protection Act (DPA) after the personal details of 20 competition entrants were compromised by a security flaw on their website, the Information Commissioner’s Office (ICO) said today. The ICO was informed by a member of the public in September last year that the personal details of individuals…