Jun 192019

OK, I don’t think I’ve ever seen a breach report quite like this one, so grab your favorite beverage and read what Brett Kelman reports on a company that ran into trouble with regulators and then filed for bankruptcy…. and in the process, managed to lose access to all their patients’ stored records because the people who had access to the storage units no longer work for them!

This has to be one for the cautionary tales book you always wanted to write.

Kelman reports:

PainMD and its parent company, MedManagement, once owned or operated as many as 30 clinics in Tennessee, Virginia and North Carolina. Federal and state authorities have sued PainMD and its owners of defrauding the government out of millions by pressuring patients into unnecessary painful injections, then intentionally mislabeling the injections while billing Medicare, Medicaid and TriCare. Three PainMD nurse practitioners were indicted on these same allegations in April.


As part of bankruptcy filing, the company revealed that some patient medical records are maintained electronically, but that “many” patient records are kept in file boxes in storage. Medical records and charts are currently kept in at least 23 storage units spread across 10 companies. PainMD claims it can no longer enter any of these storage units because “everyone with access is no longer employed with company.”

That’s a problem for the storage companies too.

Read it all on The Tennessean.

Jun 192019

Sarah Jane Bell and Ross Kay report that an undisclosed numbers of Specsavers customers have had their personal and medical information stolen:

“Contents may include your name, date of birth, address, phone number, email address, clinical records of your optometry tests, and Medicare details,” the email read.

How the information was compromised is still being investigated, but it appears a physical computer server was stolen.

Read more on ABC.

Jun 192019

Dana Kozlov reports on tremendous amount of paper medical records left behind behind the now-shuttered former Medical Professional Home Healthcare Center in Chatham.

Read more on CBS and their follow-up here. 

So okay, folks, you really need to at least look at the pictures in those stories. It’s *disgusting* what has happened to patients’ records.

As you read the coverage, you’ll learn that the owner of the center, Carmen Dooley, had lost their state health department license in 2017 for failure to file the renewal papers. As a result, facility was also decertified by Medicare in 2017, and seems to have been shuttered then. But papers were left on-site it seems.  Until something happened now.

This is one of those cases where both the state and HHS/OCR should investigate and take enforcement action.

Jun 192019

Catalin Cimpanu reports:

Eatstreet, an online and mobile food ordering service, disclosed today a security breach that took place last month and during which a hacker stole the company’s database, complete with customer and partner details.

ZDNet has learned that responsible for this breach is Gnosticplayers, a hacker who previously breached many other online services, including big names such as Canva, 500px, UnderArmor, ShareThis, GfyCat, Ge.tt, Evite, and others.

Read more on ZDNet.