Hackers steal tens of millions of customer records from the US' second-biggest medical insurer. Hackers have stolen tens of millions of customer and employee records from Anthem, the second-largest health insurer in the United States, after they were able to break into a database containing personal information for around 80 million people.
Blood bank data breach leads to settlement. Wisconsin clinic notifies patients of information breach that occurred last summer. Leader of Florida ID theft ring convicted. Back in June 2012, the Department of Justice announced that Alci Bonannee had been arrested and charged with ID theft in a massive tax refund fraud scheme.
At the time, they found evidence that over 1,000 fraudulent returns had been filed by Bonannee and her co-conspirators between January 2011 and June 6, 2012. This week, Bonannee was convicted. Federal prosecutors claim that the ring that she headed had netted $11 million in federal tax refunds and involved the filing of approximately 2,000 fraudulent tax returns between December 2010 and June 2012.
Omnicell health data breach details emerge. Following a Dec. 21 announcement that Omnicell, University of Michigan Health System’s (UMHS) supply management system vendor, had lost unencrypted patient information due to stolen electronic equipment, more details about the other hospitals involved in the health data breach have surfaced.
Small data breach leads to $50,000 hhs settlement for hospice. In what HHS declares as “the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500 individuals,” the Office for Civil Rights (OCR) reached a $50,000 settlement and two-year corrective action plan with the Hospice of Northern Idaho regarding the theft of a hospice laptop containing health information of 441 patients.
eWeek. Patient data stolen from Temple Community Hospital. Temple Community Hospital in Los Angeles is warning about 600 patients that their personal and medical information was taken earlier this summer.
The theft occurred in early July, when someone stole a computer from a locked office in the radiology department, hospital staff announced Friday. The computer contained CT scans of patients, their names, the reason for the scans and the patients' hospital account numbers. The data included scans that occurred between Jan. 1 and July 2. The hospital has back-up copies of the scans. Hospital officials assured patients that their financial information, Social Security numbers and personal contact information was not on the computer.
Deputy U.S. marshal indicted in off-duty fatal shooting. Laptop with data for more than 55,000 patients stolen. Data for roughly 55,000 patients at Indianapolis-based Cancer Care Group was compromised after a bag with a laptop containing the company's computer server back-up media was stolen from an employee's locked vehicle last month.
The laptop, which was stolen on July 19, according to the Indianapolis Business Journal, contained names, addresses, birth dates and Social Security numbers for patients, as well as medical record numbers and insurance information. It also contained similar information about employees for the group, which boasts more than 20 oncologists. "There is no evidence to believe that the backup media were the target of the theft or that any of the information on the media has been accessed or used for fraudulent purposes," spokesman Clyde Lee said, noted TheIndyChannel.com. According to EHR Intelligence, Lee added that the group is in the middle of encrypting all mobile media and updating policies and procedures regarding data safety. The University of Texas M.D.
As Patients' Records Go Digital, Theft And Hacking Problems Grow. As more doctors and hospitals go digital with medical records, the size and frequency of data breaches are alarming privacy advocates and public health officials.
Keeping records secure is a challenge that doctors, public health officials and federal regulators are just beginning to grasp. And, as two recent incidents at Howard University Hospital show, inadequate data security can affect huge numbers of people. On May 14, federal prosecutors charged one of the hospital's medical technicians with violating the Health Insurance Portability and Accountability Act, or HIPAA. Hospital to Pay $750,000 to Settle Data Breach Charges Brought by Massachusetts AG. On May 24, a Massachusetts hospital agreed to pay $750,000 to settle alleged HIPAA violations relating to a 2010 data breach.
This was the largest settlement to date for actions initiated by attorneys general under HITECH. The complaint, brought by Massachusetts Attorney General Martha Coakley, resulted from the loss of back-up tapes with unencrypted personal data affecting some 800,000 individuals. The AG brought an action against South Shore Hospital alleging that it violated the HIPAA Privacy and Security rules and the Massachusetts data security regulations (“Standards for the Protection of Personal Information of Residents of the Commonwealth”) by failing to set up sufficient safeguards, policies, and procedures for information protection. We previously reported on key points for compliance with the Massachusetts Standards.
3 Massive Security Breaches in 3 Weeks: Taking a Closer Look - IDC Insights. While the introduction of ARRA in 2009 introduced heightened enforcement, increased reporting requirements and higher penalties for security breaches, the call for attention to security matters has clearly escaped sufficient attention among many healthcare organizations' investment priorities. Healthcare providers clearly need more comprehensive security measures, and cannot afford to wait to make investments in all areas of security, in order to avoid the multiple penalties associated with security failures. US health insurer fined $1.5m over 2009 data breach. U.S. health insurance company BlueCross BlueShield of Tennessee (BCBST) is being fined $1.5 million for a 2009 data breach in which unencrypted information on some one million BlueCross members was stolen.
According to Computerworld, BCBST is the first company in the US to face the consequences of this particular legislation. BCBST is an independent licensee of the BlueCross BlueShield Association, which is used by almost 100 million Americans. The fine comes on top of the $17 million the company has already spent on investigation, notification and protection. BlueCross BlueShield of of Tennessee has also agreed to a 450-day "corrective action plan" that includes encrypting all at-rest data - a voluntary move that "goes above and beyond current industry standards," its press release noted. Also, the Chattanooga-based company will monitor its workforce to ensure training and enforcement of policies and procedures. TX: Methodist Hospital employee stole cancer patients’ information for payday loan fraud. IU Health Goshen Hospital notifies applicants and patients that data may have been accessed.
AP reports that Indiana University Health Goshen is notifying more than 12,800 job applicants and patients that their personal information may have been obtained illegally through a computer virus.
Hospital spokeswoman Melanie McDonald says the virus was discovered Dec. 22. An internet security company hired by the hospital was not able to determine whether any information was accessed, just that someone tried to access it.McDonald said the hospital is sending letters to 12,374 people who applied for hospital jobs in the past several years and fewer than 500 patients who pre-registered for outpatient procedures over the internet that their names, addresses and Social Security numbers may have been compromised.
The South Bend Tribune, however, reports that for patients using the pre-registration site, the vulnerable information also included their insurance information. This is the second breach reported by Indiana University in the past week. UCLA Hospitals Sued Over Patient Data Breach. Sensitive Patient Records Found Scattered At Shopping Center. Stanford Hospital Patients’ Private Data Was Posted Online. NYC: Health Records Stolen From Van, 1.7 Million People Affected. FL: Healthcare Insurance Applications Found in Trash. Last month, I posted a breach story by Robert Siciliano about a then-unnamed insurance agency that had reportedly discarded Blue Cross Blue Shield insurance applications in a dumpster.
The files were found by investigator William “Cobra” Staubs, who was engaged in ”research.” Simon Barrett followed up on the incident and posted some pictures that suggest that the files may have belonged to Action Insurance Planners, LLC of Boca Raton. Computer Stolen Containing Research To Cure Prostate Cancer. Emily Wood, News 9 OKLAHOMA CITY -- An Oklahoma couple is urging thieves to return a stolen computer they say has the power to save millions of lives. Last Sunday, Sook Shin was carrying a possible cure for cancer on a small Apple computer with years worth of data. "I cannot eat and sleep since last Sunday," said Shin. "I'm devastated and I feel so guilty. " Shin and her husband are leading cancer researchers at an OU research lab.
"It has been a long journey up to now," said Shin. The couple stopped at Panera on north Western Avenue to grab a meal before heading back to the lab. Geisinger reports patient security breach in Wilkes-Barre area » News » The Daily Item, Sunbury, PA. WILKES-BARRE — The Geisinger Health System could get hit with a hefty fine because a doctor at Geisinger Wyoming Valley used e-mail to send patient information to his home computer, a possible violation of strict federal health privacy rules that took effect this year. On Monday, Geisinger announced that it notified 2,928 patients that on or about Nov. 3, protected health information was e-mailed to a home account of a former Geisinger gastroenterologist.
The information included, patient names, Geisinger medical records, procedure, indications and the physician’s brief impressions regarding the care provided. Personal Health Information Privacy. Health Privacy. Lost AmeriHealth Mercy Flash Drive Exposes Data of 280,000 Medicaid Members - Health Care IT from eWeek.