First it was Walmart disclosing that their pharmacies in stores in California and Chicago had suffered damage and theft by looters of medications ready for pickup with patient information on labels. Then it was CVS, who notified HHS that more than 21,000 patients’ information may have been compromised by looters who stole or accessed prescriptions…
Search Results for: walgreens
Website operators are in the dark about privacy violations by third-party scripts
by Steven Englehardt, Gunes Acar, and Arvind Narayanan Recently we revealed that “session replay” scripts on websites record everything you do, like someone looking over your shoulder, and send it to third-party servers. This en-masse data exfiltration inevitably scoops up sensitive, personal information — in real time, as you type it. We released the data…
UK: Employers vicariously liable for data breaches caused by rogue employees
Tim Hickman and Stephen Ravenscroft of White & Case LLP write: In April 2016, the High Court of England and Wales issued its judgment in Axon v Ministry of Defence [2016] EWHC 787 (QB). The court emphasised (albeit obiter) the fact that employers can be liable for data breaches caused by rogue employees (in the present case,…
Few Consequences For Health Privacy Law’s Repeat Offenders
Regulators have logged dozens, even hundreds, of complaints against some health providers for violating federal patient privacy law. Warnings are doled out privately, but sanctions are imposed only rarely. Companies say they take privacy seriously. by Charles Ornstein and Annie Waldman ProPublica, Dec. 29, 2015, 4 a.m. This story was co-published with NPR’s Shots blog. When CVS Health customers complained…
Small-Scale Violations of Medical Privacy Often Cause the Most Harm
Note: the following article was reported by Charles Ornstein of ProPublica, Dec. 10, 2015, 5 a.m. and is reproduced under Creative Commons license. Although Ornstein did not mention it in his reporting, the case of Tami Matteson was previously covered on this site in 2013 in a post entitled ” ‘Small’ breach, big harm.” In that article,…
U. of Cincinnati Medical Center not liable for employee’s Facebook post on a patient’s STD (updated)
Kevin Grasha has an update on a breach previously noted on this site. University of Cincinnati Medical Center can’t be sued after an employee leaked private medical records about a patient who had syphilis, a judge ruled Monday. The patient, a woman in her early 20s, filed the lawsuit last year. A screen shot of the…