Data on patients may be exposed after X-rays go missing

Data on patients may be exposed after X-rays go missing

The sensitive information, including names, addresses, and Social Security numbers, went missing from a third-party vendor's warehouse.

Administrative error exposes personal data of 10,200 neurology patients

A routine email sent to Dent Neurologic Institute patients mistakenly included the sensitive data of others receiving treatment.

Website hack leads to credit card breach of nearly 10K at N.C. medical practice

Website hack leads to credit card breach of nearly 10K at N.C. medical practice

Other personal information, such as names, contact information and dates of birth, was also compromised.

Indiana University hospital laptop stolen, contains data on 10K patients

Indiana University hospital laptop stolen, contains data on 10K patients

The laptop was password protected, but not encrypted. The theft marks the second breach in just over a year that affected the university health care system.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Medical identity theft to be explored at FTC hearing

Medical identity theft to be explored at FTC hearing

Concerns over identity theft affecting senior citizens prompted the hearing.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Laptop stolen from S.C. medical center contains data on 7k veterans

Laptop stolen from S.C. medical center contains data on 7k veterans

Last week, hospital officials began notifying patients of the February theft.

Medical records of 2k patients left unprotected on contractor's server

Medical records of 2k patients left unprotected on contractor's server

The records were stored by storage provider working with Glens Falls Hospital in New York.

Doctor's stolen laptop found at pawn shop; data of 652 patients exposed

The psychologist was a private contractor for Washington's Department of Social and Health Services.

Urgent care: Safeguarding data at health care providers

Urgent care: Safeguarding data at health care providers

Health providers have pressing reasons to now embrace security, says INTEGRIS Health's John Delano. Karen Epper Hoffman reports.

Laptop containing patient data goes missing from Mississippi hospital

Laptop containing patient data goes missing from Mississippi hospital

Officials at the University of Mississippi Medical Center posted an online notice, saying they had "insufficient contact information" to individually notify those potentially compromised.

Following breaches, Utah Senate passes data protection law

Sen. Stuart Reid (R-Utah) began drafting the bill last year, following a massive breach in the state of nearly 800,000 Medicaid records.

Stem cell collector settles with FTC after breach

Cbr Systems, a California registry that collects and stores umbilical cord blood and tissue, will face biennial audits for the next 20 years.

Laptop theft at Stanford children's hospital risks data of 57K

Earlier this month, an unencrypted laptop was stolen from the car of a physician at Lucile Packard Children's Hospital.

U.S. Health Department unveils new HIPAA rules

The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules undergo their biggest changes since the legislation was passed in 1996.

Utah Medicaid patients affected by second breach in year

This time, an employee for a Medicaid contractor lost an unencrypted USB drive containing personal data.

Patient data revealed in medical device hack

Researchers have exploited critical vulnerabilities in two popular medical management platforms used in a host of services, including assisting surgeries and generating patient reports.

UNC cancer center servers attacked to expose info of 3.5K

More than six months after the incident, affected individuals were notified of the breach at UNC Lineberger Comprehensive Cancer Center in Chapel Hill, N.C.

Calif. health vendor laptop stolen; nearly 70K affected

The personal information of patients at three health systems in Virginia, New Jersey and Michigan was exposed.

Feds step up HIPAA enforcement with hospice settlement

The Hospice of North Idaho will pay $50,000 to the U.S. Department of Health and Human Services following a breach that affected 441 patients -- an indication that the agency is not letting even small incidents slide.

Nearly 30K Indiana patients notified of laptop theft

A laptop, stolen from a hospital employee's home, could have included the sensitive data of nearly 30,000 patients.

Calif. Medicaid program exposes 14,000 SSNs

The California Medical Assistance Program (Medi-Cal) accidentally posted online the sensitive information of several thousand individuals.

Nine out of 10 hospitals lost personal data in last two years

A recent survey from the Ponemon Institute and ID Experts found that breaches are costing the health care industry an average of $7 billion annually.

Stolen laptop results in theft of 100k patient records

A laptop containing the unencrypted personal records of Alere Home Monitoring customers was stolen from an employees car.

Backup tapes missing from health facilities in Mass. and R.I.

Missing information includes ultrasound images, names, birth dates and Social Security numbers of patients who visited two health facilities.

Laptop stolen from Tennessee hospital

The breach compromised the personal information of about 27,000 patients at Blount Memorial Hospital in Maryville, Tenn.

BC Health Ministry admits to data sharing scandal

The provincial government of British Columbia has fired four employees and suspended three others after allegations that health data was shared inappropriately.

Massachusetts hospital to pay HIPAA fine

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates have agreed to pay $1.5 million to settle potential HIPAA violations.

Miami hospital hit by second patient breach this year

Police are investigating a data breach incident at the University of Miami Hospital, where two employees were fired for stealing patient data, and possibly selling the sensitive information.

Data of 55k stolen from Indianapolis cancer facility

The laptop of an employee of Indianapolis-based Cancer Care Group was stolen, exposing the information of patients and staff.

Stolen laptop at Apria Healthcare exposes patient data

Stolen laptop at Apria Healthcare exposes patient data

Stanford Hospital computer with patient data stolen

The computer theft marks the second breach of patient data in a year at Stanford Hospital.

Thumb drive with data on 14k hospital patients stolen

A USB drive with data on 14,300 patients of Oregon Health & Science University in Portland was stolen from the home of an employee on July 4 or 5.

Staying current: Merit Medical Systems and Symplified

Staying current: Merit Medical Systems and Symplified

The apps used on mobile devices connected to its network contained sensitive data, so a medical device manufacturer needed to ensure that access control and authorization policies were enforced.

Unencrypted EMC laptop stolen containing patient data

An unencrypted laptop containing the personal data of roughly 10,000 medical patients was stolen from a hospital vendor employee's home.

Computer with patient data stolen from NYC hosptial

A desktop computer storing personal health information was stolen from NYU Langone Medical Center.

Laptop containing health data stolen from Boston hospital

Beth Israel Deaconess Medical Center (BIDMC) in Boston is warning thousands of patients that their personal health information was contained on a laptop that was stolen.

Server breached at a Vancouver-area school

The personal medical data of nearly 13,000 students and staff at Canada's British Columbia Institute of Technology (BCIT) may have been exposed.

Two-month delay in notifying patients after cancer center breach

An unencrypted laptop containing patient data was stolen in late April from the home of a doctor working for The University of Texas M.D. Anderson Cancer Center.

Alaska agency must pay $1.7m after 500-person breach

Heightened HIPAA enforcement continues, with the U.S. Health and Human Services taking its first-ever action against a state agency after a breach prompted an investigation.

Memorial Sloan-Kettering Cancer Center patient data compromised

For more than six years, the personal and medical data of hundreds of patients of Memorial Sloan-Kettering Cancer Center (MSKCC) in New York was publicly available on the web.

Unencrypted hospital laptop exposes 2k patient records

An employee of the Boston Children's Hospital lost a laptop holding patient information.

IT head fired, ombudsman hired in wake of Utah breach

An apologetic governor of Utah on Tuesday announced the resignation of the state's executive director of technology services, and the hiring of two others, following a massive breach affecting Medicaid claimants.

Health hazard: SC Magazine Roundtable

Health hazard: SC Magazine Roundtable

Health care traditionally, compared with other industries, has lagged in terms of cyber defense, but with attackers now specifically targeting these organizations for patient data, inaction is no longer an option.

ID thieves find gold in medical data

ID thieves find gold in medical data

Is health care a last frontier for today's cyber criminals?

Seventeen years worth of Emory patient data missing

Emory Healthcare in Atlanta lost the personal information of surgery patients treated at its three hospitals when 10 backup discs went missing.

Hospital workers access patient data with fraud in mind

Thousands of patients of Memorial Healthcare System in Hollywood, Fla. may be at risk for identity theft after two former employees improperly accessed their records.

Number of victims in state of Utah breach significantly rises

A misconfigured server is to blame for the attack, which impacted roughly 780,000 Medicaid and Children's Health Insurance Plan recipients.

Hackers target Medicaid claim forms in Utah

Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.

Laptop with patient data stolen from Howard University Hospital contractor

Letters have gone out to patients of Howard University Hospital in Washington, D.C., after their personal information was exposed when a laptop was stolen from the car of a contractor.

BlueCross fine over breach related to HIPAA notification rule

The BlueCross BlueShield settlement with the Office for Civil Rights is a reminder for health care organizations to bolster their data security, experts said.

Lawsuits in Sutter Health breach to be rolled into one

Following the theft of a computer at Sutter Health in October that put the personal information of more than 4.2 million patients at risk, 11 class-action lawsuits were filed against the Sacramento, Calif.-based nonprofit.

Patient data available on Google, Yahoo due to security mishap

The health records of more than 30,000 patients at five California hospitals may have been publicly accessible via search engines due to improper server configurations.

Phishing email leads to Denver area health care breach

Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.

Patient data at U of M hospital breached

A thief broke into a doctor's car and stole a briefcase containing a flash drive that held personal data on patients of University of Miami Miller School of Medicine.

Indiana University hospital hacked to steal data

Malware may have allowed attackers to make off with the personal information of thousands of people connected to Indiana University Health Goshen Hospital.

Central Kentucky's largest group practice hit with patient data breach

A laptop containing personal information of patients was stolen from the neurology department of Lexington Clinic on the night of Dec. 7, 2011.

Keep taking the tablets...

Taking your Android's pulse before you give it access to your health records.

Loma Linda hospital worker fired for taking home private records

The private medical records belonging to some 1,300 patients and/or their guarantors at Loma Linda University Medical Center in California were compromised when a former hospital employee violated policy.

Getting serious about health care security

Getting serious about health care security

Health care providers and their patients both have parts to play in the high-stakes game of protecting sensitive medical information, especially as technology becomes easier to implement and enforcement of regulations intensifies.

Sutter Health faces lawsuit after lost computer

The unencrypted data of 4.2 million Sutter Health patients went missing last month, and now the health care providers faces legal action.

Sutter Health loses computer, data on 4.2 million

Northern California-based Sutter Health is the second major health care organization to fall victim to a major breach of unencrypted data.

Taking a pulse: SC Health Care Roundtable

Taking a pulse: SC Health Care Roundtable

Data protection traditionally has lagged at health care organizations when compared to other industry verticals, and emerging technology like mobile devices and cloud computing doesn't make the challenge any easier.

Defense Department facing $4.9B lawsuit over breach

A suit contends that the defendants failed to properly encrypt data, then "intentionally, willfully and recklessly" allowed an untrained individual to access the information.

Delaware pediatric health facility loses data on 1.6 million

Three unencrypted backup tapes containing the personal information of more than a million and a half individuals have gone missing from Nemours, a children's health system in Wilmington, Del.

Lost backup tapes affect 4.9 million current, former military

One of the largest breaches of the year has struck a military health benefits firm and a major defense contractor, and the data wasn't encrypted because a compliant solution wasn't available.

Losing medical data

Apparently, the loss of sensitive medical data is not purely an English disease.

New cybersecurity alliance launches in Massachusetts

The Advanced Cyber Security Center will partner businesses and research universities to share threat information and develop more effective defense strategies.

Ontario hospital employee accesses PHI

An employee of North Bay Regional Health Centre in Ontario, Canada accessed without permission the personal health information (PHI) of thousands of patients.

Data of 20k patients of Stanford University hospital exposed

A database with data on 20,000 patients at Stanford University's hospital in Palo Alto, Calif. was made available on a website.

More insiders snooping into health records, says survey

Breaches into protected health information (PHI) are on the rise, and staffers are responsible for more than a third of the intrusions, a new survey has found.

IT worker pleads guilty to crippling ex-employer's network

Jason Cornish, 37, of Smyrna, Ga., faces up to 10 years in prison and a $250,000 fine for breaking into the computer network of the U.S.-based subsidiary of a Japanese pharmaceutical company

Me and my job: Convincing execs that business continuity is more than backing-up data

Me and my job: Convincing execs that business continuity is more than backing-up data

Working in the security office is actually an ideal spot for the business continuity professional, says Stieven Weidner manager, business continuity, Catholic Health East.

Seattle hospital data exposed online

Swedish Medical Center, the largest nonprofit health care provider in the greater Seattle area, is alerting current and former employees that their personal information was inadvertently accessible online for several weeks.

Thousands of Ontario cancer test results may be lost in the mail

Records containing the personal health information of thousands of Ontario citizens who participated in the province's colon cancer screening program may have gone missing.

Computer theft impacts 400K S. Carolina patients

In one of the largest health care data breaches this year, a computer containing hundreds of thousands of patient records was stolen from South Carolina's Spartanburg Regional Healthcare System.

UCLA Health System fined over celebrity patient snooping

UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.

Colorado agency loses medical aid applicants' data

A computer disk containing the personal information of thousands of medical aid applications has gone missing from the Colorado Department of Health Care Policy and Financing.

California state workers' data taken from state offices

The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.

Signing on the dotted line of HIPAA

Signing on the dotted line of HIPAA

Given that a misrepresentation of the facts during attestation could result in civil and criminal penalties, what does a health care executive need to feel comfortable about before signing on the dotted line?

California workers' compensation data exposed online

Electronic files containing the personal information of hundreds of thousands of individuals who have applied for California workers' compensation benefits were mistakenly exposed online.

Clinical mobility: cGate Health and FireHost

Clinical mobility: cGate Health and FireHost

Maintaining protection of clinical data and patients' personal information is the top priority for a health care provider with a focus on mobile devices, reports Greg Masters.

Patient data stolen from California medical group

The medical information of thousands of individuals was compromised after thieves raided the offices of California medical group HealthCare Partners.

More than 30 hospital workers fired for snooping

Thirty-two employees were fired from two hospitals in Minnesota after they viewed electronic records belonging to patients who were hospitalized after overdosing at a house party, according to a report in the Minnesota Star-Tribune. The employees, who worked at Unity Hospital in Fridley and Mercy Hospital in Coon Rapids, do have access to certain records, but in this instance, had no legitimate reason to view the documents. As hospitals transition to electronic health care records, more instances of unauthorized access, such as cases last year in California, have cropped up.

Advanced threats: Assume the worst

Advanced threats: Assume the worst

In today's sophisticated malware and intrusion tactics, organizations should already assume they have been compromised. The key is readiness, says Larry Whiteside, CISO, Visiting Nurse Service of N.Y.

Connecticut hospital loses more than 90,000 patient records

MidState Medical Center, located in Meriden, Conn., has reported missing a hard drive containing the personal information of tens of thousands of hospital patients.

Health Canada in cannabis security breach

Health Canada sent the private information of two individuals to a Toronto resident inadvertently last month in a security gaffe.

Scaled down, armored up: Small and midsized business protection

For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.

Sensitive data goes missing from Illinois childcare agency

A Des Plaines, Ill.-based social service agency that serves abused children revealed late last week that three computer files containing personal and medical information of almost 4,000 children have gone missing.

Texas hospital hacker sentenced to nine years

A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.

Health Net breach prompts investigation, affects 1.9M

Managed health care provider Health Net revealed this week that it lost the personal information of nearly two million current and past enrollees, its second massive breach in 16 months.

Medical ID theft on the rise, says new study

Consumers are not familiar enough with the dangers of medical identity theft, according to a Ponemon study released this week.

NYC hospital system breach affects 1.7 million

The New York City Health and Hospitals Corp. (HHC), the city's municipal hospital system, has begun notifying 1.7 million individuals about the theft of electronic record files that contained their personal information.

Views regarding PCI compliance are mostly positive

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.

Red Flags Rule will not apply to certain professions

Services providers such as lawyers, doctors and accountants will not have to comply with the Federal Trade Commission's Red Flags Rule.

Bad medicine: Can poor data security result in death?

Medical records could become compromised during transmission, on the patient's computer, or at any number of multiple points of storage.

Class-action lawsuit brought against AvMed over breach

A Florida-based health insurance provider has been hit with a class-action lawsuit after it revealed earlier this year that thieves had stolen two company laptops containing the personal information of members.

Sensitive laptop stolen from Detroit hospital

A laptop containing sensitive patient information was recently stolen from Henry Ford Health Systems in Detroit.

Breaches cost health care industry $6 billion annually

Despite facing stricter privacy and security regulations, hospitals still are struggling to protect patient information, and breaches cost the health care industry $6 billion annually, according to a new study.

POLL