Healthcare Information Security

HIPAA Physical Safeguards

NC DHHS notifies patients of multi-year breach

by Nicole Freeman

The North Carolina Department of Health and Human Services (DHHS) recently revealed that it had unintentionally been publishing private patient information for over 1,300 people on NC Openbook, a public website.  The information, stemming...

Rotech Healthcare reports three-year-old patient data breach

by Patrick Ouellette

Three years after the original data breach occurred, Rotech Healthcare, Inc. sent a breach notification letter to the New Hampshire Attorney General’s Office. Back on November 26, 2010, an employee who left the organization took internal files...

DaVita tells 11,500 patients, employees of laptop theft

by Patrick Ouellette

Laptop theft continues to be a major source of healthcare data breaches, as DaVita, a Colorado-based kidney care company, is alerting 11,500 patients and some employees of a breach, according to a notice on the Davita website. An employee’s...

Peeling away the layers of health data breach response

by Dom Nicastro

Health data breach response has many facets. This much, healthcare security professionals know. But properly responding to a breach starts even before breach response actually begins, said Rebecca Herold, CIPM, CISSP and CEO of The Privacy Professor...

Phoenix Medical Group employee charged in tax fraud scheme

by Nicole Freeman

A Florida man pleaded guilty last Friday to stealing personally identifiable information (PII) while employed at Phoenix Medical Group in Mount Laurel, N.J.. Berness Swan, 44, of Spring Hill, Florida, used the information as part of his role...

University Hospitals notifies 7,100 patients of data breach

by Nicole Freeman

University Hospitals (UH) of Cleveland, Ohio was informed of an alleged hard drive theft on August 8 after a third-party vendor performed updates on the UH computer system. Since the hard drive’s disappearance, the not-for-profit medical center...

Samaritan Health Services fined for July data breach

by Patrick Ouellette

Following a July 2013 patient data breach at Samaritan Health Services of Corvallis, Ore., the Oregon Department of Consumer and Business Services announced that Samaritan will be fined $1,000. The $1,000 fine, according to oregonlive.com, was...

Children’s Healthcare of Atlanta suffers internal data breach

by Patrick Ouellette

After former Children’s Healthcare of Atlanta employee Sharon McCray stole both sensitive patient and organizational data, it fired her and filed a lawsuit against McCray on October 22. A Northern Georgia district court granted Children’s...

Managing a health data breach with a response plan

by Patrick Ouellette

Some organizations say they’re going to improve security after an incident. David Dover, Privacy and Security Officer at Alere Inc., can attest that his organization did make the effort to augment their security approach following a...

Allina Health System reports internal EHR data breach

by Patrick Ouellette

Allina Health System learned of an internal data breach on September 18 in which an Inver Grove Heights medical assistant inappropriately viewed 3,800 patients EHRs from February 2010 to September 2013. The Pioneer Press reports that while the...

Legal ramifications of UCLA Health breach suit dismissal

by Patrick Ouellette

The Second Appellate District Court of California recently dismissed a class-action lawsuit against the University of California regarding a data breach compromising 16,000 UCLA Health System patients’ data. The court made this decision...

Seton Healthcare Family announces unencrypted laptop theft

by Patrick Ouellette

Seton Healthcare Family posted a notice on its website that an unencrypted laptop was stolen between October 3 and October 4 from the Seton McCarthy Clinic that held 5,000 patients’ data. Compromised information included name, address,...

Broward Health sends 960 patient breach notification letters

by Patrick Ouellette

Broward Health recently notified 960 patients via letter that a former Broward Health Medical Center employee stole their personal data between October and December 2012. Broward apparently learned in June that the employees stole “face...

How a HIPAA BA responds to a patient data breach

by Patrick Ouellette

When a healthcare organization goes through a data breach, its HIPAA responsibilities are clearly laid out as covered entities and there is little ambiguity as to what the Department of Health and Human Services (HHS) and Office for Civil Rights...

North Country Hospital in battle with ex-employee over breach

by Patrick Ouellette

North Country Hospital of Newport, Vt. is in a dispute with a former IT employee, Christian Cornelius, as to whether 3,000 patients’ data inside a “retired” laptop was exposed. The former employee claims that he tried to tell...

Memorial Hospital of Lafayette County reports data breach

by Patrick Ouellette

Wisconsin’s Memorial Hospital of Lafayette County has posted notice on its website that it mailed out 8,000 data breach notification letters to patients after it learned on Aug. 6, 2013 that some of their financial statements had been inadvertently...

Legal Aid Society of San Mateo County suffers data breach

by Patrick Ouellette

The Legal Aid Society of San Mateo County is in the process of alerting patients of an August 12 burglary of 10 laptops that held personal data. According to the notification letter to the California Attorney General, the organization said that...

Scottsdale Dermatology Clinic endures billing firm breach

by Patrick Ouellette

The Scottsdale Dermatology Clinic is investigating a patient data breach in which one of its medical billing firm’s employees, Brittany Davidson, and her boyfriend Winfred Aurelious Dick, Jr. used her patient data access to steal credit...

Hope Family Health reports 8,000-patient data breach

by Patrick Ouellette

Hope Family Health of Westmoreland, Tennessee is dealing with the theft of a finance department employee’s unencrypted laptop that held 8,000 patients’ personal information. Hope has notified patients who visited the organization...

Saint Louis University notifies 3,000 patients of data breach

by Patrick Ouellette

Saint Louis University (SLU) is in the process of reporting a health data breach that affected 3,000 patients and occurred in early August. According to KSDK.com, a few SLU employees gave out their account information by mistake as part of a...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks