Feb 202019

Cameron Houston and Anthony Colangelo report:

A cyber crime syndicate has hacked and scrambled the medical files of about 15,000 patients from a specialist cardiology unit at Cabrini Hospital and demanded a ransom.

The attack is now the subject of a joint investigation by Commonwealth security agencies.

Melbourne Heart Group, which is based at the private hospital in Malvern, has been unable to access some patient files for more than three weeks, after the malware attack crippled its server and corrupted data.

So this is a situation in which we might understand why an entity would pay the demanded ransom, but in this case, the ransom may have been paid but the data were reportedly corrupted when the entity went to decrypt.

Read more on The Age.

Feb 192019

Jennie Russell reports:

Alberta’s privacy commissioner is investigating whether Alberta Health Services properly safeguards the public’s personal health information after CBC News revealed the electronic system housing it was vulnerable to outside security threats.

A 2018 assessment by an external security firm found several “significant risks” with the health authority’s administration of the Alberta Netcare Portal. The system gives health-care providers access to key information from a patient’s medical file, such as laboratory test results and hospital visits.

Read more on CBC.

Feb 192019

John Leyden reports:

Calls recorded by a Swedish national health service hotline were stored on an unencrypted system that was publicly accessible to anyone with an internet connection, it has emerged.

An estimated 2.7 million phone calls were discovered to have been left open by an unprotected NAS (network attached storage) system, and were accessible without a password or any authentication, according to local reports.

Wav on MP3 files were reportedly stored but are no longer available.

An estimated 170,000 hours of calls dating back to 2013 were exposed, tech title ComputerSweden reports.

Read more on The Daily Swig.

Feb 172019

Pachico A. Seares reports:

WHEN Dr. Wyben Briones owned up the profession’s mantra of confidentiality to news reporters more than 10 years ago, the local medical community was stung with the embarrassment over the “rectum canister scandal.”

A video clip was passed from phone to phone and uploaded on YouTube, showing doctors and nurses at the operating room of Vicente Sotto Medical Center in Cebu City laughing “boisterously” as a surgeon removed a perfume canister from the rectum of a homosexual. Breach of the male patient’s privacy was clear even though his face was not shown. His plight was announced to the world as news outlets across the globe picked up the story.

Last Feb. 8, in the Tuburan, Cebu district hospital, while a patient howled, bloodied from multiple gunshots, a nurse took a video of his agony and passed on the clip to three other nurses who circulated it on social media. Another breach of the patient’s privacy, though the story had less human interest and didn’t make it to the world press.


The Tuburan hospital chief cited the Data Privacy Act of 2012 (Republic Act 10173). The law refers to disclosure in the “processing of sensitive and personal information” and the personal information includes “health and sexual life” of the patient.

But “processing” of information that doctors and nurses do rarely includes photo-taking and video recording. The Tuburan chief of hospital even said he bans phones when personnel are on duty. They don’t need to take photo or video while treating the patient. Without the images, doctors and nurses wouldn’t have to resist social media’s temptation to break one “core duty”: confidentiality.

Read more on SunStar. I’ve deleted the portion of the reporting that reveals what the consequences were to staff for these breaches.  Think about what you think the consequences should have been, and then go read the rest of the story to see what actually happened.

Feb 172019

Michael Seiden reports:

Piles of partially burned medical records were discovered across the street from a metro Atlanta medical center, Channel 2 Action News has learned.

Southside Medical Clinic said they have no idea how the records got there.

A viewer alerted Channel 2’s Michael Seiden to the issue in a parking lot across the street from the clinic. Seiden went to an abandoned building across the street, where he found hundreds of patient documents in a dumpster and others stored outside in shipping crates.

Read more on WSBTV.