Healthcare Information Security

HIPAA Technical Safeguards

Touchstone Medical Imaging Posts Data Breach Notification

by Patrick Ouellette

Touchstone Medical Imaging, LLC has sent out notices to some patients treated prior to August of 2012 that it learned on May 9, 2014 that a shared folder holding sensitive data was exposed on the internet. The imaging specialist organization...

Cedars-Sinai Data Breach Update: 33,000 Patients Affected

by Patrick Ouellette

The Cedars-Sinai Medical Center in Los Angeles announced an unencrypted laptop theft that compromised at least more than 500 patients’ data in August, but actual number of affected patients was unknown. The Los Angeles Times recently reported...

Report: rollout lacked CMS accountability

by Patrick Ouellette

More details surrounding the Centers for Medicare and Medicaid Services (CMS) hurried launch last fall are emerging. The most recent, Rep. Darrell Issa’s (R-Calif.) “Behind the Curtain of the Rollout,”...

GAO: CMS must boost privacy and security controls

by Patrick Ouellette

According to the U.S. Government Accountability Office (GAO), the Centers for Medicare and Medicaid Services (CMS) has made strides in addressing privacy and security controls, there is still work to be done to mitigate risks....

Aventura Hospital reports 82,601-patient data breach

by Patrick Ouellette

Aventura Hospital and Medical Center recently announced its third data breach in two years, according to The most recent breach exposed 82,601 patients’ data from Sept. 13, 2012 to June 9, 2014 and result from a vendor’s...

Temple physicians office alerts 3,780 patients of data breach

by Patrick Ouellette

A Temple University physicians’ office recently notified 3,780 patients that their data was exposed after a laptop was stolen from its surgery department in July. reports the Temple University physicians’ office laptop...

Central Utah Clinic notifies patients of 2012 data breach

by Patrick Ouellette

Central Utah Clinic published a data breach notification letter to alert 31,677 patients that their information had been compromised on August 7, according to a post on Central Utah Clinic, a Utah multi-specialty practice that...

HealthCare.Gov hacking incident: Industry commentary

by Patrick Ouellette

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team and FBI are now investigating the recent hack into the HealthCare.Gov test server. For a server that wasn’t supposed to be connected to the internet, the...

Hackers upload malware onto HealthCare.Gov test server

by Patrick Ouellette

Perhaps the Centers for Medicare and Medicaid Services (CMS) had good reason for withholding HealthCare.Gov security control information from the Associated Press. According to a Wall Street Journal report, hackers were able to gain entry into...

Should CMS release Healthcare.Gov security information?

by Patrick Ouellette

The Centers for Medicare and Medicaid Services (CMS) made news recently when it denied an Associated Press (AP) request for information about HealthCare.Gov security. Though it could have provided some generic details with respect to the HealthCare.Gov...

Duke Health System notifies patients of data breach

by Patrick Ouellette

Duke University Health System recently announced that it experienced a patient data breach on July 1 when an unauthorized person stole an unencrypted thumb drive from an administrative building. According to the patient notice on the Duke website,...

Health data encryption questions to ask your vendors

by Patrick Ouellette

The umbrella vendor statement “we encrypt all of our data” isn’t enough to satisfy HIPAA regulations, nor is it sufficient for a healthcare organization to trust in those words as it’s building a strong security program....

Health data encryption: Software architecture best practices

by Patrick Ouellette

Data encryption in healthcare isn’t necessarily a cure-all, as top-flight hackers can crack encryption keys with relative ease. But there is obvious value in ensuring that protected health information (PHI) is encrypted, both locally on...

Cedars-Sinai reports unencrypted laptop theft, data breach

by Patrick Ouellette

Despite having an organization-wide device encryption policy in place, Cedars-Sinai Medical Center in Los Angeles announced an unencrypted laptop theft that may have compromised more than 500 patients’ data. According to the Cedars-Sinai...

CMS denies AP access to security records

by Patrick Ouellette

The Centers for Medicare and Medicaid Services (CMS) refused an Associated Press (AP) request for information regarding HealthCare.Gov security under the Freedom of Information Act (FOI). CMS contended that security concerns have been unfounded...

S.C. hospital reports laptop theft, patient data breach

by Patrick Ouellette

Self Regional Healthcare of Greenwood, S.C. is alerting patients of a data breach that occurred over Memorial Day weekend when two men stole an unencrypted laptop containing an unknown number of patient records. The Index Journal reports...

Sutter lawsuit plaintiffs plan to go to Calif. Supreme Court

by Patrick Ouellette

Despite the Third District Court of Appeal of California’s decision that Sutter Medical Foundation hadn’t violated the Confidentiality of Medical Information Act (CMIA), the patient plaintiffs who filed the suit aren’t ready...

Appeals court: Sutter record exposure didn’t violate CMIA

by Patrick Ouellette

The Third District Court of Appeal of California again ruled in favor of Sutter Medical Foundation on Monday, as the court maintained that Sutter had not violated the Confidentiality of Medical Information Act (CMIA). This was the second appellate...

HHS audit discovers New Mexico HIX security vulnerabilities

by Patrick Ouellette

Following a great deal of security criticism toward since its inception, there continue to be security-related issues within state healthcare insurance exchanges. A Department of Health and Human Services (HHS) Office of Inspector...

San Antonio laptop with child vaccination records stolen

by Patrick Ouellette

The San Antonio Metropolitan Health District recently alerted families of just fewer than 300 child patients that their vaccination records had been breached after a city-owned laptop was stolen, according to Apparently the records,...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks