Feb 252018

Mary Katherine Wildeman and Lauren Sausser report:

Thirteen employees were fired in 2017 from the Medical University of South Carolina after administrators determined they had broken federal law by using patient records without permission, spying on patient files or disclosing private information.

Some of these privacy breaches involved high-profile patients.

Read more on Charleston Post and Courier.

Feb 242018

KHOU reports:

Information about City of Houston employees’ health insurance may have been compromised after an employee’s laptop computer was stolen.

City officials say the laptop was stolen from the employee’s car on Feb. 2. They say the password-protected computer may have contained city employees’ records, including names, addresses, dates of birth, Social Security numbers and other medical information.

Read more on KHOU.

Feb 222018

Lyle Adriano reports:

The Ontario Superior Court has ruled that an insurance company is obligated to defend a hospital employee against a privacy breach lawsuit by a former patient.

In the case Oliveira v. Aviva Canada Inc., the ex-patient alleged that the employee – who is not involved in providing care to the patient – breached the patient’s privacy by frequently accessing the patient’s medical records without a legitimate reason.

Read more on Insurance Business Canada.

Feb 212018

Evan Sweeney reports:

The U.S. Supreme Court has denied an appeal filed by CareFirst to review a case stemming from a 2014 data breach.

The Supreme Court issued its decision on Tuesday, eliminating the possibility, for now, that the court will weigh in on questions about whether the possibility of harm from a data breach is enough for victims to bring legal action. It would have been the first data breach case to reach the high court.

Read more on Fierce Healthcare.

Feb 212018

WVIR reports:

The University of Virginia Health System is notifying patients of a cyber attack that affected the hospital.

The hacker was able to get access to private medical records for 19 months.

The FBI discovered that a physician’s devices with the Health System were infected with malware, which allowed the hacker to see what the employee was viewing on devices at the same time.

According to the FBI, the hacker may have been able to view patient information from May 2015 to December of 2016.

Read more on NBC29.  See also WHSV.  It’s pretty good that they discovered the breach in December 2017 and have already made an arrest. They do not say how they discovered the breach, though, and why it wasn’t discovered much sooner.