Sarah Coble reports: A mix-up at a school in Worcestershire, England, caused parents to receive the COVID-19 test results of other people’s children. The data breach, reported today by the Evesham Journal, occurred at co-educational secondary school and sixth-form college The De Montfort School (TDMS) in Evesham, which is part of the Four Stones Multi...
If a covered entity detects a breach at the beginning of June 2021 but doesn’t notify patients until January 2022, will HHS think this is just fine? What if there was no encryption of data involved? Is it acceptable to take 7 months to notify patients if there are no unusual circumstances or request...
Tempo.co reports: Reports have emerged about an alleged massive data leak of Indonesian hospital patients’ medical information being sold in an illegal internet forum. Hackers claimed to have breached the Indonesian Health Ministry centralized server to obtain the data. According to a report by Antaranews, the data that were sold in the dark web contains 720 GB of personal...
Lisa O’Brien reports: The NHS trust which runs hospitals in Sandwell and Birmingham experienced a ‘significant IT data loss incident’ which ‘impacted upon staff and patient care’, a health chief has revealed. It is understood the incident happened last month and is said to have ‘disrupted’ over 20 systems across Sandwell and West Birmingham...
Saltzer Health, Idaho As 2021 wound down, Saltzer Health in Idaho reported a breach it had discovered on June 1. According to their notification, an employee’s email account had been compromised. Investigation showed the access began on May 25. On December 29, Saltzer issued a notice that disclosed the incident and reported that the...
Someone on Twitter asked me what the first breach of 2022 would be. The following public notice is not the first breach of 2022. It is a 2021 breach that just showed up after midnight in my news search this morning. And because it involves a third-party breach, we may see other covered entities...
It appears that a ransomware incident involving VPN Solutions LLC may have affected a number of covered entities, although so far, DataBreaches.net has only identified two confirmed cases: Surgery Group SC On December 17, Surgery Group SC in Illinois notified HHS about an incident impacting 500 patients. DataBreaches.net interprets that 500 number as a...
HIPAAJournal has a nice piece on HIPAA enforcement action over the years by state attorneys general. You can access it here.
Missed this one from Matthew Tso on December 20, so let’s get caught up: A privacy breach involving the personal details of 36 Hutt Hospital patients occurred after four pages of information were dropped in the street. The incident occurred in November, with a letter from the Hutt Valley District Health Board to affected...
Administrative fine imposed on psychotherapy centre Vastaamo for data protection violations