Healthcare Information Security

HIPAA Technical Safeguards

Aventura Hospital reports 82,601-patient data breach

by Patrick Ouellette

Aventura Hospital and Medical Center recently announced its third data breach in two years, according to The most recent breach exposed 82,601 patients’ data from Sept. 13, 2012 to June 9, 2014 and result from a vendor’s...

Temple physicians office alerts 3,780 patients of data breach

by Patrick Ouellette

A Temple University physicians’ office recently notified 3,780 patients that their data was exposed after a laptop was stolen from its surgery department in July. reports the Temple University physicians’ office laptop...

Central Utah Clinic notifies patients of 2012 data breach

by Patrick Ouellette

Central Utah Clinic published a data breach notification letter to alert 31,677 patients that their information had been compromised on August 7, according to a post on Central Utah Clinic, a Utah multi-specialty practice that...

HealthCare.Gov hacking incident: Industry commentary

by Patrick Ouellette

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team and FBI are now investigating the recent hack into the HealthCare.Gov test server. For a server that wasn’t supposed to be connected to the internet, the...

Hackers upload malware onto HealthCare.Gov test server

by Patrick Ouellette

Perhaps the Centers for Medicare and Medicaid Services (CMS) had good reason for withholding HealthCare.Gov security control information from the Associated Press. According to a Wall Street Journal report, hackers were able to gain entry into...

Should CMS release Healthcare.Gov security information?

by Patrick Ouellette

The Centers for Medicare and Medicaid Services (CMS) made news recently when it denied an Associated Press (AP) request for information about HealthCare.Gov security. Though it could have provided some generic details with respect to the HealthCare.Gov...

Duke Health System notifies patients of data breach

by Patrick Ouellette

Duke University Health System recently announced that it experienced a patient data breach on July 1 when an unauthorized person stole an unencrypted thumb drive from an administrative building. According to the patient notice on the Duke website,...

Health data encryption questions to ask your vendors

by Patrick Ouellette

The umbrella vendor statement “we encrypt all of our data” isn’t enough to satisfy HIPAA regulations, nor is it sufficient for a healthcare organization to trust in those words as it’s building a strong security program....

Health data encryption: Software architecture best practices

by Patrick Ouellette

Data encryption in healthcare isn’t necessarily a cure-all, as top-flight hackers can crack encryption keys with relative ease. But there is obvious value in ensuring that protected health information (PHI) is encrypted, both locally on...

Cedars-Sinai reports unencrypted laptop theft, data breach

by Patrick Ouellette

Despite having an organization-wide device encryption policy in place, Cedars-Sinai Medical Center in Los Angeles announced an unencrypted laptop theft that may have compromised more than 500 patients’ data. According to the Cedars-Sinai...

CMS denies AP access to security records

by Patrick Ouellette

The Centers for Medicare and Medicaid Services (CMS) refused an Associated Press (AP) request for information regarding HealthCare.Gov security under the Freedom of Information Act (FOI). CMS contended that security concerns have been unfounded...

S.C. hospital reports laptop theft, patient data breach

by Patrick Ouellette

Self Regional Healthcare of Greenwood, S.C. is alerting patients of a data breach that occurred over Memorial Day weekend when two men stole an unencrypted laptop containing an unknown number of patient records. The Index Journal reports...

Sutter lawsuit plaintiffs plan to go to Calif. Supreme Court

by Patrick Ouellette

Despite the Third District Court of Appeal of California’s decision that Sutter Medical Foundation hadn’t violated the Confidentiality of Medical Information Act (CMIA), the patient plaintiffs who filed the suit aren’t ready...

Appeals court: Sutter record exposure didn’t violate CMIA

by Patrick Ouellette

The Third District Court of Appeal of California again ruled in favor of Sutter Medical Foundation on Monday, as the court maintained that Sutter had not violated the Confidentiality of Medical Information Act (CMIA). This was the second appellate...

HHS audit discovers New Mexico HIX security vulnerabilities

by Patrick Ouellette

Following a great deal of security criticism toward since its inception, there continue to be security-related issues within state healthcare insurance exchanges. A Department of Health and Human Services (HHS) Office of Inspector...

San Antonio laptop with child vaccination records stolen

by Patrick Ouellette

The San Antonio Metropolitan Health District recently alerted families of just fewer than 300 child patients that their vaccination records had been breached after a city-owned laptop was stolen, according to Apparently the records,...

NRAD Medical Associates notifies 97,000 patients of breach

by Patrick Ouellette

NRAD Medical Associates of Garden City, New York has informed 97,000 patients that an internal employee inappropriately accessed protected health information (PHI) and patient billing data back in April 2014. According to,...

Montana DPHHS HIPAA breach affects 1.3 million patients

by Patrick Ouellette

The Montana Department of Public Health and Human Services (DPHHS) has reported more details on one of the largest HIPAA breaches in terms of number of affected patients, as up to 1.3 million records were compromised. The server hack was...

St. Joseph Health sends patient breach notification letters

by Patrick Ouellette

Among the items that can be lost in the mix when one healthcare organization takes over another is security and compliance. St. Joseph Health recently took over the former Redwood Regional Medical Group’s imaging center and has taken responsibility...

Apple HealthKit privacy questions for providers, developers

by Patrick Ouellette

As referenced by Rocky Mountain Human Services (RMHS) IT Director Frank Baer, there is no turning back from the confluence of mHealth applications and healthcare privacy concerns. Instead, organizations must go head-first into mobile security....


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks