The sensitive information, including names, addresses, and Social Security numbers, went missing from a third-party vendor's warehouse.
A routine email sent to Dent Neurologic Institute patients mistakenly included the sensitive data of others receiving treatment.
Other personal information, such as names, contact information and dates of birth, was also compromised.
The laptop was password protected, but not encrypted. The theft marks the second breach in just over a year that affected the university health care system.
The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.
Concerns over identity theft affecting senior citizens prompted the hearing.
The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.
Last week, hospital officials began notifying patients of the February theft.
The records were stored by storage provider working with Glens Falls Hospital in New York.
The psychologist was a private contractor for Washington's Department of Social and Health Services.
Health providers have pressing reasons to now embrace security, says INTEGRIS Health's John Delano. Karen Epper Hoffman reports.
Officials at the University of Mississippi Medical Center posted an online notice, saying they had "insufficient contact information" to individually notify those potentially compromised.
Sen. Stuart Reid (R-Utah) began drafting the bill last year, following a massive breach in the state of nearly 800,000 Medicaid records.
Cbr Systems, a California registry that collects and stores umbilical cord blood and tissue, will face biennial audits for the next 20 years.
Earlier this month, an unencrypted laptop was stolen from the car of a physician at Lucile Packard Children's Hospital.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules undergo their biggest changes since the legislation was passed in 1996.
This time, an employee for a Medicaid contractor lost an unencrypted USB drive containing personal data.
Researchers have exploited critical vulnerabilities in two popular medical management platforms used in a host of services, including assisting surgeries and generating patient reports.
More than six months after the incident, affected individuals were notified of the breach at UNC Lineberger Comprehensive Cancer Center in Chapel Hill, N.C.
The personal information of patients at three health systems in Virginia, New Jersey and Michigan was exposed.
The Hospice of North Idaho will pay $50,000 to the U.S. Department of Health and Human Services following a breach that affected 441 patients -- an indication that the agency is not letting even small incidents slide.
A laptop, stolen from a hospital employee's home, could have included the sensitive data of nearly 30,000 patients.
The California Medical Assistance Program (Medi-Cal) accidentally posted online the sensitive information of several thousand individuals.
A recent survey from the Ponemon Institute and ID Experts found that breaches are costing the health care industry an average of $7 billion annually.
A laptop containing the unencrypted personal records of Alere Home Monitoring customers was stolen from an employees car.
Missing information includes ultrasound images, names, birth dates and Social Security numbers of patients who visited two health facilities.
The breach compromised the personal information of about 27,000 patients at Blount Memorial Hospital in Maryville, Tenn.
The provincial government of British Columbia has fired four employees and suspended three others after allegations that health data was shared inappropriately.
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates have agreed to pay $1.5 million to settle potential HIPAA violations.
Police are investigating a data breach incident at the University of Miami Hospital, where two employees were fired for stealing patient data, and possibly selling the sensitive information.
The laptop of an employee of Indianapolis-based Cancer Care Group was stolen, exposing the information of patients and staff.
Stolen laptop at Apria Healthcare exposes patient data
The computer theft marks the second breach of patient data in a year at Stanford Hospital.
A USB drive with data on 14,300 patients of Oregon Health & Science University in Portland was stolen from the home of an employee on July 4 or 5.
The apps used on mobile devices connected to its network contained sensitive data, so a medical device manufacturer needed to ensure that access control and authorization policies were enforced.
An unencrypted laptop containing the personal data of roughly 10,000 medical patients was stolen from a hospital vendor employee's home.
A desktop computer storing personal health information was stolen from NYU Langone Medical Center.
Beth Israel Deaconess Medical Center (BIDMC) in Boston is warning thousands of patients that their personal health information was contained on a laptop that was stolen.
The personal medical data of nearly 13,000 students and staff at Canada's British Columbia Institute of Technology (BCIT) may have been exposed.
An unencrypted laptop containing patient data was stolen in late April from the home of a doctor working for The University of Texas M.D. Anderson Cancer Center.
Heightened HIPAA enforcement continues, with the U.S. Health and Human Services taking its first-ever action against a state agency after a breach prompted an investigation.
For more than six years, the personal and medical data of hundreds of patients of Memorial Sloan-Kettering Cancer Center (MSKCC) in New York was publicly available on the web.
An employee of the Boston Children's Hospital lost a laptop holding patient information.
An apologetic governor of Utah on Tuesday announced the resignation of the state's executive director of technology services, and the hiring of two others, following a massive breach affecting Medicaid claimants.
Health care traditionally, compared with other industries, has lagged in terms of cyber defense, but with attackers now specifically targeting these organizations for patient data, inaction is no longer an option.
Is health care a last frontier for today's cyber criminals?
Emory Healthcare in Atlanta lost the personal information of surgery patients treated at its three hospitals when 10 backup discs went missing.
Thousands of patients of Memorial Healthcare System in Hollywood, Fla. may be at risk for identity theft after two former employees improperly accessed their records.
A misconfigured server is to blame for the attack, which impacted roughly 780,000 Medicaid and Children's Health Insurance Plan recipients.
Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.
Letters have gone out to patients of Howard University Hospital in Washington, D.C., after their personal information was exposed when a laptop was stolen from the car of a contractor.
The BlueCross BlueShield settlement with the Office for Civil Rights is a reminder for health care organizations to bolster their data security, experts said.
Following the theft of a computer at Sutter Health in October that put the personal information of more than 4.2 million patients at risk, 11 class-action lawsuits were filed against the Sacramento, Calif.-based nonprofit.
The health records of more than 30,000 patients at five California hospitals may have been publicly accessible via search engines due to improper server configurations.
Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.
A thief broke into a doctor's car and stole a briefcase containing a flash drive that held personal data on patients of University of Miami Miller School of Medicine.
Malware may have allowed attackers to make off with the personal information of thousands of people connected to Indiana University Health Goshen Hospital.
A laptop containing personal information of patients was stolen from the neurology department of Lexington Clinic on the night of Dec. 7, 2011.
Taking your Android's pulse before you give it access to your health records.
The private medical records belonging to some 1,300 patients and/or their guarantors at Loma Linda University Medical Center in California were compromised when a former hospital employee violated policy.
Health care providers and their patients both have parts to play in the high-stakes game of protecting sensitive medical information, especially as technology becomes easier to implement and enforcement of regulations intensifies.
The unencrypted data of 4.2 million Sutter Health patients went missing last month, and now the health care providers faces legal action.
Northern California-based Sutter Health is the second major health care organization to fall victim to a major breach of unencrypted data.
Data protection traditionally has lagged at health care organizations when compared to other industry verticals, and emerging technology like mobile devices and cloud computing doesn't make the challenge any easier.
A suit contends that the defendants failed to properly encrypt data, then "intentionally, willfully and recklessly" allowed an untrained individual to access the information.
Three unencrypted backup tapes containing the personal information of more than a million and a half individuals have gone missing from Nemours, a children's health system in Wilmington, Del.
One of the largest breaches of the year has struck a military health benefits firm and a major defense contractor, and the data wasn't encrypted because a compliant solution wasn't available.
Apparently, the loss of sensitive medical data is not purely an English disease.
The Advanced Cyber Security Center will partner businesses and research universities to share threat information and develop more effective defense strategies.
An employee of North Bay Regional Health Centre in Ontario, Canada accessed without permission the personal health information (PHI) of thousands of patients.
A database with data on 20,000 patients at Stanford University's hospital in Palo Alto, Calif. was made available on a website.
Breaches into protected health information (PHI) are on the rise, and staffers are responsible for more than a third of the intrusions, a new survey has found.
Jason Cornish, 37, of Smyrna, Ga., faces up to 10 years in prison and a $250,000 fine for breaking into the computer network of the U.S.-based subsidiary of a Japanese pharmaceutical company
Working in the security office is actually an ideal spot for the business continuity professional, says Stieven Weidner manager, business continuity, Catholic Health East.
Swedish Medical Center, the largest nonprofit health care provider in the greater Seattle area, is alerting current and former employees that their personal information was inadvertently accessible online for several weeks.
Records containing the personal health information of thousands of Ontario citizens who participated in the province's colon cancer screening program may have gone missing.
In one of the largest health care data breaches this year, a computer containing hundreds of thousands of patient records was stolen from South Carolina's Spartanburg Regional Healthcare System.
UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.
A computer disk containing the personal information of thousands of medical aid applications has gone missing from the Colorado Department of Health Care Policy and Financing.
The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.
Given that a misrepresentation of the facts during attestation could result in civil and criminal penalties, what does a health care executive need to feel comfortable about before signing on the dotted line?
Electronic files containing the personal information of hundreds of thousands of individuals who have applied for California workers' compensation benefits were mistakenly exposed online.
Maintaining protection of clinical data and patients' personal information is the top priority for a health care provider with a focus on mobile devices, reports Greg Masters.
The medical information of thousands of individuals was compromised after thieves raided the offices of California medical group HealthCare Partners.
Thirty-two employees were fired from two hospitals in Minnesota after they viewed electronic records belonging to patients who were hospitalized after overdosing at a house party, according to a report in the Minnesota Star-Tribune. The employees, who worked at Unity Hospital in Fridley and Mercy Hospital in Coon Rapids, do have access to certain records, but in this instance, had no legitimate reason to view the documents. As hospitals transition to electronic health care records, more instances of unauthorized access, such as cases last year in California, have cropped up.
In today's sophisticated malware and intrusion tactics, organizations should already assume they have been compromised. The key is readiness, says Larry Whiteside, CISO, Visiting Nurse Service of N.Y.
MidState Medical Center, located in Meriden, Conn., has reported missing a hard drive containing the personal information of tens of thousands of hospital patients.
Health Canada sent the private information of two individuals to a Toronto resident inadvertently last month in a security gaffe.
For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.
A Des Plaines, Ill.-based social service agency that serves abused children revealed late last week that three computer files containing personal and medical information of almost 4,000 children have gone missing.
A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.
Managed health care provider Health Net revealed this week that it lost the personal information of nearly two million current and past enrollees, its second massive breach in 16 months.
Consumers are not familiar enough with the dangers of medical identity theft, according to a Ponemon study released this week.
The New York City Health and Hospitals Corp. (HHC), the city's municipal hospital system, has begun notifying 1.7 million individuals about the theft of electronic record files that contained their personal information.
A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
Services providers such as lawyers, doctors and accountants will not have to comply with the Federal Trade Commission's Red Flags Rule.
Medical records could become compromised during transmission, on the patient's computer, or at any number of multiple points of storage.
A Florida-based health insurance provider has been hit with a class-action lawsuit after it revealed earlier this year that thieves had stolen two company laptops containing the personal information of members.
A laptop containing sensitive patient information was recently stolen from Henry Ford Health Systems in Detroit.
Despite facing stricter privacy and security regulations, hospitals still are struggling to protect patient information, and breaches cost the health care industry $6 billion annually, according to a new study.
