Healthcare Information Security

Healthcare Data Breaches

Integrated Rehab Consultants Admits to 2016 Healthcare Data Breach

April 12, 2018 - Chicago-based Integrated Rehab Consultants is just now admitting to a healthcare data breach that it knew about back in 2016.  In December 2016, IRC received a tip from a healthcare researcher about patient data posted on a public repository. After conducting a probe, IRC determined that a third-party vendor had provided the patient data to another third-party vendor who uploaded the...


More Articles

Healthcare Industry Worst in Stopping Insider Data Breaches

by Fred Donovan

The healthcare industry is the worst when it comes to stopping insider data breaches, according to Verizon’s 2018 Data Breach Investigations Report (DBIR) released April 10. The report found that the healthcare industry was the only sector...

Survey Finds Lax Patching Practices Feed Healthcare Data Breaches

by Fred Donovan

Patching vulnerabilities in your systems and applications is one of the most important steps you can take to prevent a healthcare data breach at your organization. Yet, a majority of security professionals in the healthcare and pharmaceutical...

Federal Lawsuit Filed Following Alleged CVS Health Data Breach

by Elizabeth Snell

Three plaintiffs filed a federal lawsuit on March 21, 2018, claiming that a CVS Health data breach exposed the PHI of over 6,000 individuals, including revealing the HIV status of the individuals.  CVS Health, Caremark LLC (a subsidiary...

SAMBA Mailing Error Creates Data Security Concern for 13.9K

by Elizabeth Snell

A programming error that occurred during the preparation process for mailing out certain IRS tax forms may have led to documents being sent to the wrong recipients, creating a data security concern for some individuals, according to SAMBA Federal...

Banner Health Data Breach Part of OCR Investigation

by Elizabeth Snell

The 2016 Banner Health data breach is reportedly being investigated by OCR, although it is currently not possible to estimate the range of potential fines from the agency, according to consolidated financial statements. An Ernst & Young year-end...

Potential PHI Exposure at BJC HealthCare Impacts 33K

by Elizabeth Snell

An internal security scan revealed that there was a data server configuration error, allowing potential PHI exposure at BJC HealthCare. The Missouri-based organization revealed in an online statement that 33,420 patients may have had their information...

What the CareFirst Data Breach Decision Means for Healthcare

by Elizabeth Snell

In February 2018, the US Supreme Court denied certiorari in the CareFirst data breach case. CareFirst had requested the Court review the class action lawsuit against it that came from two separate incidents. The first occurred in June 2014, followed...

134K Possibly Affected in St. Peter’s Server Data Breach

by Elizabeth Snell

An unauthorized third party gained access to St. Peter’s Surgery & Endoscopy Center (the Center) servers on January 8, 2018, according to an online statement. The potential data breach was discovered on the same day of the infiltration,...

EmblemHealth Data Breach Leads to $575K NY State Settlement

by Elizabeth Snell

New York Attorney General Eric Schneiderman announced that a $575,000 settlement had been reached in the EmblemHealth data breach case, following a mailing error incident that exposed 81,122 Social Security numbers. The health plan discovered...

70K Notified in Tufts Health Plan Data Breach in Vendor Error

by Elizabeth Snell

A vendor that handles the mailing of member identification (ID) cards reportedly sent out envelopes with patient information visible in the mailing window, which created a Tufts Health Plan data breach. Tufts Medicare Preferred ID cards were...

Healthcare Ransomware Attack Affects 6.5K at AL Practice

by Elizabeth Snell

A healthcare ransomware attack allowed an unknown hacker to gain access to EMR software containing patient medical records, Jemison Internal Medicine, PC (JIM) announced on its website. The Alabama-based practice said the virus encrypted its...

CarePlus Health Reports PHI Data Breach Impacting 11K

by Elizabeth Snell

A series of programming and printing errors resulted in Explanation of Benefits (EOB) letters being sent to the incorrect CarePlus Health Plan members, an organization spokesperson confirmed to HealthITSecurity.com. Approximately 11,200 individuals...

Hospital Data Breaches Most Common, Affect the Most Patients

by Elizabeth Snell

Hospital data breaches accounted for approximately 30 percent of large data security incidents reported to OCR from 2009 to 2016, according to a study published in the American Journal of Managed Care (AJMC). The largest number of individuals...

36K Notified of Potential Healthcare Data Breach from Mailing Error

by Elizabeth Snell

A mailing error has led to a potential healthcare data breach for Triple-S Advantage (Triple-S) members, according to an online company statement. The Puerto Rico-based organization is an independent licensee of the BlueCross BlueShield Association....

Decatur County General EMR Security Incident Impacts 24K

by Elizabeth Snell

Tennessee-based Decatur County General Hospital experienced an EMR security incident when unauthorized software was installed on the server the EMR vendor supports on the organization’s behalf. Decatur County received a security incident...

Business Associate Dismissal Denied in HIPAA Data Breach Case

by Elizabeth Snell

A HIPAA data breach case that stemmed from a business associate disclosing PHI will not be dismissed, according to a US District Court decision. CVS Pharmacy, Inc. and Caremark Rx LLC (CVS) sought reimbursement from its business associate, Press...

How Much Do Healthcare Data Breaches Cost Organizations?

by Elizabeth Snell

Healthcare data breaches can be devastating for any covered entity, but the subsequent recovery costs are often quite expensive. Implementing technological tools to aid in prevention and detection measures are not cheap, but not taking necessary...

Retirement Community Reports Potential PHI Data Breach for 5.2K

by Elizabeth Snell

Maryland-based Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc. (Ingleside) experienced a possible PHI data breach when it was targeted by a malware attack, according to an online statement. Ingleside discovered the malware...

Class-Action Lawsuit Filed after Allscripts Ransomware Attack

by Elizabeth Snell

Florida-based Surfside Non-Surgical Orthopedics, P.A. (Orthopedics) filed a class-action lawsuit in the wake of the Allscripts ransomware attack that took place on January 18, 2018. Allscripts’ EHR system was infected by SamSam ransomware,...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks

Continue to site...