Jaikumar Vijayan reports: The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up. Quarterly financial results released by Heartland last week show that the card payment processor has accrued $139.4 million in breach-related expenses. The figure includes a settlement totaling nearly…
FL: Ex-teacher faces prison after pleading guilty to ID theft
Jon Burstein reports: A former high school teacher faces up to five years in prison after federal authorities say she pilfered the identities of past Broward School District students. Sheyla Diaz, 44, pleaded guilty on Friday to a single count of identity theft. She resigned in January from her job as a social sciences teacher…
Former WellPoint employee sentenced
From the Associated Press, news that Angelique Mullings, a WellPoint employee, was sentenced to more than two years in prison for stealing the identities of about 40 health care professionals to buy cell phones: Authorities say Mullings worked for WellPoint, Inc., a licensee of Anthem/Blue Cross and Blue Shield. They said she had access to…
OCR drafts guidelines for security risk analysis
Mary Mosquera reports: The Health & Human Services Department published draft guidance to help healthcare providers and payers figure out what is expected of them in doing a risk analysis of their protected patient health information. The security rule of the Health Insurance Portability and Accountability Act (HIPAA) requires that providers, payment plans and their…
One mystery solved
As I noted in a previous blog entry, I was curious as to why a breach that had originally been listed on OCR’s site involving University of Texas Medical Branch no longer appears on the site. I contacted HHS about the removal of the listing, and they confirmed my hunch: the breach pre-dated the September…
OCR drafts guidelines for security risk analysis
Mary Mosquera reports: The Health & Human Services Department published draft guidance to help healthcare providers and payers figure out what is expected of them in doing a risk analysis of their protected patient health information. The security rule of the Health Insurance Portability and Accountability Act (HIPAA) requires that providers, payment plans and their…