Unencrypted hospital laptop exposes 2k patient records

May 23, 2012

An employee of the Boston Children's Hospital lost a laptop holding patient information.
 

IT head fired, ombudsman hired in wake of Utah breach

May 16, 2012

An apologetic governor of Utah on Tuesday announced the resignation of the state's executive director of technology services, and the hiring of two others, following a massive breach affecting Medicaid claimants.
 

Health hazard: SC Magazine Roundtable

May 01, 2012

Health care traditionally, compared with other industries, has lagged in terms of cyber defense, but with attackers now specifically targeting these organizations for patient data, inaction is no longer an option.
 

ID thieves find gold in medical data

May 01, 2012

Is health care a last frontier for today's cyber criminals?
 

Seventeen years' worth of Emory patient data missing

April 20, 2012

Emory Healthcare in Atlanta lost the personal information of surgery patients treated at its three hospitals when 10 backup discs went missing.
 

Hospital workers access patient data with fraud in mind

April 18, 2012

Thousands of patients of Memorial Healthcare System in Hollywood, Fla. may be at risk for identity theft after two former employees improperly accessed their records.
 

Number of victims in state of Utah breach significantly rises

April 09, 2012

A misconfigured server is to blame for the attack, which impacted roughly 780,000 Medicaid and Children's Health Insurance Plan recipients.
 

Hackers target Medicaid claim forms in Utah

April 05, 2012

Hackers, believed to be operating out of Eastern Europe, breached a server at the Utah Department of Health (UDOH) to access thousands of Medicaid records.
 

Laptop with patient data stolen from Howard University Hospital contractor

March 29, 2012

Letters have gone out to patients of Howard University Hospital in Washington, D.C., after their personal information was exposed when a laptop was stolen from the car of a contractor.
 

BlueCross fine over breach related to HIPAA notification rule

March 15, 2012

The BlueCross BlueShield settlement with the Office for Civil Rights is a reminder for health care organizations to bolster their data security, experts said.
 

Lawsuits in Sutter Health breach to be rolled into one

March 08, 2012

Following the theft of a computer at Sutter Health in October that put the personal information of more than 4.2 million patients at risk, 11 class-action lawsuits were filed against the Sacramento, Calif.-based nonprofit.
 

Patient data available on Google, Yahoo due to security mishap

February 23, 2012

The health records of more than 30,000 patients at five California hospitals may have been publicly accessible via search engines due to improper server configurations.
 

Phishing email leads to Denver area health care breach

February 07, 2012

Hackers may have accessed the personal health data belonging to patients of Denver area-based Metro Community Provider Network, a nonprofit health care provider for low-income individuals and families.
 

Patient data at U of M hospital breached

February 06, 2012

A thief broke into a doctor's car and stole a briefcase containing a flash drive that held personal data on patients of University of Miami Miller School of Medicine.
 

Indiana University hospital hacked to steal data

February 01, 2012

Malware may have allowed attackers to make off with the personal information of thousands of people connected to Indiana University Health Goshen Hospital.
 

Central Kentucky's largest group practice hit with patient data breach

January 31, 2012

A laptop containing personal information of patients was stolen from the neurology department of Lexington Clinic on the night of Dec. 7, 2011.
 

Keep taking the tablets...

David Harley, ESET senior research fellow • January 25, 2012

Taking your Android's pulse before you give it access to your health records.
 

Loma Linda hospital worker fired for taking home private records

January 04, 2012

The private medical records belonging to some 1,300 patients and/or their guarantors at Loma Linda University Medical Center in California were compromised when a former hospital employee violated policy.
 

Getting serious about health care security

Peter Spier, manager of professional services, Fortrex Technologies • December 06, 2011

Health care providers and their patients both have parts to play in the high-stakes game of protecting sensitive medical information, especially as technology becomes easier to implement and enforcement of regulations intensifies.
 

Sutter Health faces lawsuit after lost computer

November 23, 2011

The unencrypted data of 4.2 million Sutter Health patients went missing last month, and now the health care provider faces legal action.
 

Sutter Health loses computer, data on 4.2 million

November 16, 2011

Northern California-based Sutter Health is the second major health care organization to fall victim to a major breach of unencrypted data.
 

Taking a pulse: SC Health Care Roundtable

November 01, 2011

Data protection traditionally has lagged at health care organizations when compared to other industry verticals, and emerging technology like mobile devices and cloud computing doesn't make the challenge any easier.
 

Defense Department facing $4.9B lawsuit over breach

October 17, 2011

A suit contends that the defendants failed to properly encrypt data, then "intentionally, willfully and recklessly" allowed an untrained individual to access the information.
 

Delaware pediatric health facility loses data on 1.6 million

October 11, 2011

Three unencrypted backup tapes containing the personal information of more than a million and a half individuals have gone missing from Nemours, a children's health system in Wilmington, Del.
 

Lost backup tapes affect 4.9 million current, former military

September 29, 2011

One of the largest breaches of the year has struck a military health benefits firm and a major defense contractor, and the data wasn't encrypted because a compliant solution wasn't available.
 

Losing medical data

David Harley, ESET senior research fellow • September 26, 2011

Apparently, the loss of sensitive medical data is not purely an English disease.
 

New cybersecurity alliance launches in Massachusetts

September 22, 2011

The Advanced Cyber Security Center will partner businesses and research universities to share threat information and develop more effective defense strategies.
 

Ontario hospital employee accesses PHI

September 09, 2011

An employee of North Bay Regional Health Centre in Ontario, Canada accessed without permission the personal health information (PHI) of thousands of patients.
 

Data of 20k patients of Stanford University hospital exposed

September 08, 2011

A database with data on 20,000 patients at Stanford University's hospital in Palo Alto, Calif. was made available on a website.
 

More insiders snooping into health records, says survey

August 31, 2011

Breaches into protected health information (PHI) are on the rise, and staffers are responsible for more than a third of the intrusions, a new survey has found.
 

IT worker pleads guilty to crippling ex-employer's network

August 18, 2011

Jason Cornish, 37, of Smyrna, Ga., faces up to 10 years in prison and a $250,000 fine for breaking into the computer network of the U.S.-based subsidiary of a Japanese pharmaceutical company.
 

Me and my job: Convincing execs that business continuity is more than backing-up data

Stieven Weidner, manager, business continuity, Catholic Health East • August 01, 2011

Working in the security office is actually an ideal spot for the business continuity professional, says Stieven Weidner, manager, business continuity, Catholic Health East.
 

Seattle hospital data exposed online

July 29, 2011

Swedish Medical Center, the largest nonprofit health care provider in the greater Seattle area, is alerting current and former employees that their personal information was inadvertently accessible online for several weeks.
 

Thousands of Ontario cancer test results may be lost in the mail

July 26, 2011

Records containing the personal health information of thousands of Ontario citizens who participated in the province's colon cancer screening program may have gone missing.
 

Computer theft impacts 400K S. Carolina patients

July 19, 2011

In one of the largest health care data breaches this year, a computer containing hundreds of thousands of patient records was stolen from South Carolina's Spartanburg Regional Healthcare System.
 

UCLA Health System fined over celebrity patient snooping

July 11, 2011

UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.
 

Colorado agency loses medical aid applicants' data

July 07, 2011

A computer disk containing the personal information of thousands of medical aid applications has gone missing from the Colorado Department of Health Care Policy and Financing.
 

California state workers' data taken from state offices

July 01, 2011

The personal information of thousands of current and former California state employees was improperly copied to a hard drive and removed from state offices.
 

Signing on the dotted line of HIPAA

Bryan Cline, CISO and director of information security at Catholic Health East • July 01, 2011

Given that a misrepresentation of the facts during attestation could result in civil and criminal penalties, what does a health care executive need to feel comfortable about before signing on the dotted line?
 

California workers' compensation data exposed online

June 21, 2011

Electronic files containing the personal information of hundreds of thousands of individuals who have applied for California workers' compensation benefits were mistakenly exposed online.
 

Clinical mobility: cGate Health and FireHost

June 16, 2011

Maintaining protection of clinical data and patients' personal information is the top priority for a health care provider with a focus on mobile devices, reports Greg Masters.
 

Patient data stolen from California medical group

June 09, 2011

The medical information of thousands of individuals was compromised after thieves raided the offices of California medical group HealthCare Partners.
 

More than 30 hospital workers fired for snooping

May 10, 2011

Thirty-two employees were fired from two hospitals in Minnesota after they viewed electronic records belonging to patients who were hospitalized after overdosing at a house party, according to a report in the Minnesota Star-Tribune. The employees, who worked at Unity Hospital in Fridley and Mercy Hospital in Coon Rapids, do have access to certain records, but in this instance, had no legitimate reason to view the documents. As hospitals transition to electronic health care records, more instances of unauthorized access, such as cases last year in California, have cropped up.
 

Advanced threats: Assume the worst

May 02, 2011

Given today's sophisticated malware and intrusion tactics, organizations should already assume they have been compromised. The key is readiness, says Larry Whiteside, CISO, Visiting Nurse Service of N.Y.
 

Connecticut hospital loses more than 90,000 patient records

April 07, 2011

MidState Medical Center, located in Meriden, Conn., has reported missing a hard drive containing the personal information of tens of thousands of hospital patients.
 

Health Canada in cannabis security breach

April 06, 2011

Health Canada sent the private information of two individuals to a Toronto resident inadvertently last month in a security gaffe.
 

Scaled down, armored up: Small and midsized business protection

April 01, 2011

For many small and midsize businesses, neglecting IT security is a thing of the past, reports Angela Moscaritolo.
 

Sensitive data goes missing from Illinois childcare agency

March 31, 2011

A Des Plaines, Ill.-based social service agency that serves abused children revealed late last week that three computer files containing personal and medical information of almost 4,000 children have gone missing.
 

Texas hospital hacker sentenced to nine years

March 21, 2011

A former Dallas hospital guard was sentenced last week to nine years in federal prison for breaking into hospital computers, planting malicious software and planning a distributed-denial-of-service (DDoS) attack.
 

Health Net breach prompts investigation, affects 1.9M

March 15, 2011

Managed health care provider Health Net revealed this week that it lost the personal information of nearly two million current and past enrollees, its second massive breach in 16 months.
 

Medical ID theft on the rise, says new study

March 15, 2011

Consumers are not familiar enough with the dangers of medical identity theft, according to a Ponemon study released this week.
 

NYC hospital system breach affects 1.7 million

February 24, 2011

The New York City Health and Hospitals Corp. (HHC), the city's municipal hospital system, has begun notifying 1.7 million individuals about the theft of electronic record files that contained their personal information.
 

Views regarding PCI compliance are mostly positive

January 12, 2011

A new survey from Cisco reveals that organizations are getting better at handling their obligations to meet payment industry security guidelines.
 

Red Flags Rule will not apply to certain professions

December 21, 2010

Service providers such as lawyers, doctors and accountants will not have to comply with the Federal Trade Commission's Red Flags Rule.
 

Bad medicine: Can poor data security result in death?

Charles Jeter, ESET cybercrime investigator • November 29, 2010

Medical records could become compromised during transmission, on the patient's computer, or at any number of multiple points of storage.
 

Class-action lawsuit brought against AvMed over breach

November 23, 2010

A Florida-based health insurance provider has been hit with a class-action lawsuit after it revealed earlier this year that thieves had stolen two company laptops containing the personal information of members.
 

Sensitive laptop stolen from Detroit hospital

November 22, 2010

A laptop containing sensitive patient information was recently stolen from Henry Ford Health Systems in Detroit.
 

Breaches cost health care industry $6 billion annually

November 09, 2010

Despite facing stricter privacy and security regulations, hospitals still are struggling to protect patient information, and breaches cost the health care industry $6 billion annually, according to a new study.
 

Hacker accesses Louisiana EMT licensing database

November 09, 2010

An unauthorized individual recently gained access to a Louisiana state licensing database that contained the personal information of tens of thousands of emergency medical technicians (EMTs).
 

Indiana attorney general sues WellPoint over breach

November 02, 2010

The Indiana Attorney General's office has filed a lawsuit against Indianapolis-based health insurance provider WellPoint for taking months to notify state residents whose personal information was breached.
 

Penn. Medicaid recipients' information on missing flash drive

October 22, 2010

Two health insurers said a flash drive containing the personal health information of hundreds of thousands of Pennsylvania Medicaid recipients has gone missing.
 

Texas insider sentenced to 15 years for medical ID theft

October 19, 2010

A Texas woman's 15-year prison sentence for stealing hospital patient information underscores a continued upswing in medical identity theft cases.
 

Virus strikes University of Oklahoma computer

October 12, 2010

A virus recently compromised a clinic computer at the University of Oklahoma-Tulsa neurology practice, possibly to retrieve sensitive documents on the machine.
 

TECH Rx: Technology and health care

October 01, 2010

The move to electronic medical records presents challenges, but tech solutions offer help for health care practitioners, reports Greg Masters.
 

Personal data of unemployed Oregon residents, psychology patients stolen

August 16, 2010

Two Oregon car burglaries in the past week have resulted in the loss of the personal information of thousands of Portland, Ore. psychology patients and unemployed state residents.
 

Laptop containing patient data stolen from Philadelphia hospital

August 04, 2010

A laptop containing the personal information of patients was stolen from an office at Thomas Jefferson University Hospital in Philadelphia.
 

Sensitive thumb drive missing from New Jersey hospital

August 02, 2010

A thumb drive containing the personal data of current and former graduate medical education residents and fellows at Cooper University Hospital in Camden, N.J. has gone missing.
 

Hospital: files with personal, medical data on 800,000 gone

July 20, 2010

A Massachusetts hospital disclosed this week that records containing sensitive information, ranging from names and Social Security numbers to medical diagnoses and bank account data, were lost by a third-party contractor.
 

Health care security: feeling better yet?

Peter Spier, senior risk management consultant, Fortrex Technologies • July 13, 2010

As health care entities face new compliance demands, a free framework could offer some help.
 

University of Maine student information exposed

June 30, 2010

Hackers recently gained access to a pair of file servers containing the personal information of University of Maine students who received counseling services at the school for the past eight years.
 

HIPAA encryption: meeting today's regulations

Sang Lee, senior security analyst, AlertBoot • June 30, 2010

The author wades through NIST standards to help organizations select the best encryption technology to satisfy federal health care data protection mandates.
 

Personal data exposed on Anthem Blue Cross website

June 25, 2010

The personal information of hundreds of thousands of Blue Cross customers was recently exposed following a website glitch made by a third party.
 

Five California hospitals fined for patient record snooping

June 14, 2010

The California Department of Public Health has doled out fines to five hospitals for failing to protect patients' medical information. The hospitals, which included Ronald Reagan UCLA Medical Center in Los Angeles, were assessed a total of $675,000 in penalties for violating state privacy laws that prohibit employees from snooping on confidential patient records, the agency said last week in a statement. Community Hospital of San Bernardino received the largest single fine — $250,000 — for failing to prevent an employee from viewing private data of 204 patients. — DK
 

Walking the tightrope: social media and data protection in the enterprise

Mark Menke, chief technology officer, Code Green Networks • June 03, 2010

Organizations may want to second-guess a more restrictive strategy on website access and settle on a more pragmatic approach.
 

FTC delays Red Flags Rule enforcement until end of year

May 28, 2010

The Federal Trade Commission is, for the fifth time, pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rule.
 

Charlotte, N.C. notifies thousands of city workers of data loss

May 27, 2010

The city of Charlotte, N.C. recently notified thousands of current and former city employees that their personal information went missing in the mail.
 

Cloud computing: Up in the air, and back down on the ground

Michael Donnelly, application solutions architect, Sendmail • May 17, 2010

To avoid unintended consequences, organizations considering moving applications, such as email, to the cloud must ask lots of questions.
 

Laptop theft puts thousands of N.M. Medicaid users at risk

May 13, 2010

An unencrypted laptop containing the personal information of thousands of New Mexico citizens enrolled in the state's Medicaid Salud plan was stolen in late March.
 

Kentucky psychiatric hospital loses sensitive flash drive

May 03, 2010

A flash drive containing personal patient information recently went missing from Louisville, Ky.-based psychiatric hospital Our Lady of Peace.
 

Laptops stolen from California health care organization

May 03, 2010

Five laptops containing tens of thousands of medical records were recently stolen from Fullerton, Calif.-based St. Jude Heritage Medical Group.
 

Health worker is first HIPAA privacy violator to get jail time

April 28, 2010

A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities.
 

Health information contained on physician's stolen laptop

April 20, 2010

A laptop containing the demographic and health information of thousands of patients was recently stolen from a physician affiliated with the Massachusetts Eye and Ear Infirmary.
 

Sensitive laptops stolen from California hospital system

April 07, 2010

Two laptops containing sensitive patient information recently were stolen from California-based hospital system John Muir Health.
 

RSA Conference: Health care information security pros discuss data security

March 03, 2010

Protecting health data becomes more difficult in a socially networked world, but blocking access to these popular sites is being met with dissent, a panel of health care CISOs said Wednesday at the RSA Conference.
 

Is increased government regulation the answer to increased privacy protection?

Glen Kosaka, director of marketing, Trend Micro • February 25, 2010

Data breaches involving privacy information continue to increase despite the costs, embarrassment and negative publicity associated with them.
 

Newly discovered Zeus spinoff botnet has wide impact

February 18, 2010

The "Kneber" botnet is made up of 74,126 machines from nearly 2,500 organizations that were infected with a variant of Zeus, according to researchers at a network security firm.
 

Sensitive laptops stolen from Fla. health insurance provider

February 11, 2010

The theft of two company laptops from Florida-based health insurance provider AvMed Health Plans may have exposed the personal information of current and former subscribers and their dependents.
 

Laptop containing UCSF medical school patient information stolen

February 01, 2010

A laptop containing sensitive patient information was recently stolen from an employee of the University of California San Francisco (UCSF) School of Medicine.
 

Thief steals 57 hard drives from BlueCross BlueShield of Tennessee

January 22, 2010

Stolen computer hard drives belonging to BlueCross BlueShield of Tennessee contained sensitive member information.
 

Connecticut attorney general sues over breach

January 14, 2010

The Connecticut attorney general, using new authority granted under the HITECH Act, is suing a managed health care provider over a data breach that potentially exposed the personal data of 446,000 state residents.
 

Survey finds lax health care privacy in United States

October 20, 2009

Despite regulations mandating protection of health care records, more than half of American hospitals fail to take appropriate steps to safeguard the privacy of patients, according to a new survey of health care IT security professionals.
 

Blue Cross Blue Shield Association affirms laptop breach

October 07, 2009

An unencrypted personal laptop, carrying the personal information of hundreds of thousands of doctors nationwide, was stolen over the weekend.
 

Privacy groups blast new health care notification rule

September 22, 2009

Privacy advocates are questioning a provision of the new health care breach notification rule, which states that organizations only need to alert victims if they believe disclosure of the information "poses some harm."
 

Health care breach notification mandated

August 21, 2009

New breach notification mandates for health care organizations were promulgated this week, just as $1.2 billion became available to facilitate the move to digital medical records.
 

Free health care framework

August 20, 2009

The Health Information Trust Alliance (HITRUST) announced Thursday that its Common Security Framework (CSF) is available free. According to HITRUST, open access to the CSF can help health care organizations comply with HIPAA and the HITECH Act, support health information exchanges, and address business associate risk. The CSF is a standard IT security control framework developed specifically for health care data. — CAM
 

Black Hat: Vulnerability mitigation is working, sort of

July 29, 2009

Efforts to reduce security vulnerabilities seem to be paying off, but IT administrators are not paying enough attention to application bugs, a CTO said Wednesday at the Black Hat conference in Las Vegas.
 

First lady's safe house location leaked on P2P

July 29, 2009

Also found: a listing of the locations of all U.S. nuclear facilities and a document containing the personal information of hundreds of thousands of U.S. military members.
 

Patient data check-up: First Medical Management and Fortinet

July 23, 2009

First Medical Management, a health care services provider in California, found a simple way to protect patient records and hospital data, reports Greg Masters.
 

Health care organizations unprepared for digital transition

July 22, 2009

Most health care organizations do not have data loss prevention technologies or a CISO, while, for many, tight security budgets and required third-party interactions pose additional challenges, according to a new study by Deloitte.
 

"Fourth of July" hacker jailed after hospital hack

July 02, 2009

A Dallas hospital guard was ordered to jail following his arrest on charges of breaking into computers, planting malicious software and planning a massive distributed-denial-of-service (DDoS) attack on the Fourth of July.