Small, and perhaps so common that they don't make it into the local newspapers.
HHS updated its breach tool this week, adding a baker’s dozen of incidents. Significantly, 6 of the 13 involved stolen laptops while 3 others involved theft or loss of electronic devices.
Two of the 13 incidents were already known through either media coverage or reports to a state’s attorney general. In both cases, HHS’s breach tool disclosed the number of patients affected, which neither entity had done in their disclosures to media or patients:
- Heyman HospiceCare at Floyd reported a laptop theft previously noted here. According to their disclosure to HHS, 1,819 patients had information on the stolen laptop.
- Crescent Health Inc. – a Walgreens Company reported computer theft that affected 109,000. It’s not clear from HHS’s entry whether the 109,000 refers to patients and employees, or just patients, as both patients and employees were impacted by this breach.
I did some digging to find details for the reports where we had no previous information:
- County of San Bernardino Department of Behavioral Health reported that limited information on 683 clients was contained in documents stolen from a County of San Bernardino Department of Human Services’ employee’s car on January 12. The information included names, dates of birth, DBH medical record number, and indication that services were provided by DBH.
- Catoctin Dental (Richard B. Love, D.D.S., P.A.) reported that 6,400 patients had information on a server hacked from overseas. In a February 22nd notification to patients, they write that name, address, date of birth, phone number, social security number, dental plan information, photographs and radiographic images, and some personal health information may have been accessed, as well as less than 100 e-mail addresses. In a subsequent letter, however, they note that forensics indicated that the data had neither been stolen nor read.
- Kindred Healthcare, Inc. d/b/a Kindred Transitional Care and Rehabilitation in Massachusetts reported that 716 patients had information on a “portable electronic device” that was stolen between December 15 and December 17, 2012. A statement on their web site indicates that the information was on backup tapes in a safe that was stolen during an office burglary. Some of the information on the tapes included name, diagnosis, social security number, medications, Medicaid number, and other clinical information. Note that this was Kindred’s third office burglary involving theft of safes containing backup tapes. I blogged about two similar incidents they had here. I hope law enforcement and HHS are investigating how this chain had three similar breaches in less than one year.
- Center for Pain Management, LLC in Maryland reported that 5,822 patients had information on two laptops stolen on January 22. According to a notice on their web site and patient notification letter, the laptops were stolen from their Rockville office and contained patients’ visit and procedure notes with names, dates of birth, medical history, medical diagnoses, and procedures performed, such as injections.
- HomeCare of Mid-Missouri, Inc. reported that 4,027 patients had information on a laptop stolen on December 14. A copy of their February 14th notification letter on their web site indicates that it was stolen while being transported between the office and home care visits. Patient information on the laptop included names, dates of birth, Social Security numbers, addresses and phone numbers, and a description of services provided by the agency.
In Part 2, I’ll describe the other newly disclosed breaches. I’m just waiting for responses to some inquiries I sent out to see if I can get additional details on those incidents. Please check the site for the Part 2 post later today.
(Related)
Sometimes concerns arrive before the warnings.
Although the HIPAA Omnibus Rule is a step in the right direction for protecting health information, the regulation still leaves large privacy gaps, says patient advocate Deborah Peel, M.D.
“HIPAA Omnibus finally affirmed that states can pass laws that are tougher than HIPAA, and that’s really good news because HIPAA is so full of flaws and defects that we are concerned that what is being built and funded will not be trusted by the public,” Peel says in an interview with HealthcareInfoSecurity during the 2013 HIMSS Conference.
You can listen to the interview here.
Lawyers trying to automate the practice of law? (More likely, read these and see why you should hire a lawyer...)
Your Startup’s Legal Docs: Now on GitHub
GitHub is fast becoming the home of open source software development, but lawyers can use it too.
Nearly a year ago, Twitter Lawyer Benjamin Lee posted Twitter’s groundbreaking Innovators Patent Agreement to the social coding website, where it immediately received a few typo fixes and minor modifications.
Now one of Silicon Valley’s star legal firms, Fenwick & West, is posting a set of legal documents to GitHub that startups can use when lining up their first stage of venture funding. The 30 pages of “Series Seed” documents have been available in open source form for several years, but these days it only makes sense to share them on GitHub, which has become a standard tool for Silicon Valley startups, says Ted Wang, the Fenwick & West partner who released the docs.
Comparable to suing the NSA here. Should be most interesting...
"A Court of Appeal judgement released today has ruled in favor of Kim Dotcom and will let him sue the Government Communications Security Bureau (GCSB) alongside New Zealand Police. During the High Court case, it emerged that the GCSB had been illegally spying on Dotcom prior to the raid on his Coatesville mansion, on behalf of the FBI, who now wants the Megaupload millionaire extradited to face trial in the US over copyright infringements."
Completely unrelated.... Catch 22 spreads!
Feds Demand Dismissal of Dragnet-Surveillance Challenge
Citing week-old Supreme Court precedent, the President Barack Obama administration told a federal judge Wednesday that it should quash a federal lawsuit accusing the government of secretly siphoning Americans’ electronic communications to the National Security Agency without warrants.
The San Francisco federal court legal filing was in response to U.S. District Judge Jeffrey White’s written question (.pdf) to the government asking what to make of the high court’s Feb. 26 decision halting a legal challenge to a once-secret warrantless surveillance project that gobbles up Americans’ electronic communications — a program that Congress eventually legalized in 2008 and again in 2012.
In that case, known as Clapper, the justices ruled 5-4 that the American Civil Liberties Union, journalists and human-rights groups that sued to nullify the FISA Amendments Act had no legal standing to sue. The justices ruled (.pdf) the plaintiffs submitted no evidence they were being targeted by that law.
So was it merely a trial balloon or did they actually want to do this?
"Bowing to significant unfriendly customer feedback regarding its new 'no transfer' license for Office 2013, Microsoft has reconsidered and will now allow Office 2013 licenses to be transferred between computers. Actual license language will not be reflected for a few months for shipped products, but Microsoft will allow transfer of license effective immediately. Calls to customer support will be necessary, as the activation servers won't be updated for a few months."
Perspective. When we start mining “Big Data” we're going to need big shovels...
"Virgin Atlantic is preparing for a significant increase in data as it embraces the Internet of Things, with a new fleet of highly connected planes each expected to create over half a terabyte of data per flight. IT director David Bulman said: 'The latest planes we are getting, the Boeing 787s, are incredibly connected. Literally every piece of that plane has an internet connection, from the engines, to the flaps, to the landing gear. If there is a problem with one of the engines we will know before it lands to make sure that we have the parts there. It is getting to the point where each different part of the plane is telling us what it is doing as the flight is going on. We can get upwards of half a terabyte of data from a single flight from all of the different devices which are internet connected.'"