Tuesday, December 30, 2014

Insiders Involved in Sony Hack?

A number of news articles are reporting that the hack of Sony Pictures may have involved insiders.

CBS News says that cybersecurity experts are questioning if North Korea was actually behind the Sony Pictures cyberattack. The FBI has been briefed by a security firm who believes Sony insiders, possibly in the payroll and accounting departments, were key to implementing one of the most devastating attacks in history.

"[The insider] had both the access and the means to leak the sensitive Sony material."
- GotNews.com
Such devastation by malicious insiders who inappropriately access or leak data can be avoided by proactive detection with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) BREAKING: We Have IDed Two Female L.A.-Based Persons of Interest in Sony Leak - www.GotNews.com, 12/30/2014

Tuesday, December 23, 2014

Medical Office Insider Guilty of Patient ID Thefts

A billing specialist at a Kentucky medical practice stole patient identities and used the information to secure loans from online lenders for her own use.

She had been indicted by a federal grand jury on identity theft and using patient information under false pretenses in violation of the Health Insurance Portability and Accountability Act (HIPAA). Last week she pleaded guilty to some of the charges.

"[She] disclosed individually identifiable health information to another person...with intent to use the individually identifiable health information for commercial advantage and personal gain." -

It is unclear why the identity thefts went on for over two years. Healthcare organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Woman pleads guilty to identity theft, wire fraud - www.Messenger-Inquirer.com, 12/18/2014

Monday, December 22, 2014

Hospital Settles Data Breach Allegations

A Boston hospital has agreed to pay a $40,000 settlement and take action to prevent future breaches that affect patients' private data. The consent judgment alleges the hospital failed to protect the personal information and protected health information of more than 2,000 patients.

The Massachusetts attorney general, Martha Coakley, has been one of the most active state attorneys general when it comes to pursuing breaches.

"Healthcare providers must ensure that the privacy and security of sensitive patient information is protected."
- Attorney General Martha Coakley
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Boston Children’s Hospital Settles Data Breach Allegations - www.PHIprivacy.net, 12/19/2014

Friday, December 19, 2014

Regulators Increase Data Security Oversight

Financial industry cybersecurity practices are facing increased regulatory and enforcement agency scrutiny reflecting growing public concern over the security and infrastructure of financial institutions.

Regulatory agencies such as the NY Department of Financial Services as well as the Commodity Futures Trading Commission have recently stated that closer examination of the cybersecurity practices of organizations they oversee will be a priority.

"...the Department will take a close look at banks’ data breach detection abilities."
- Memorandum, NY State Department of Financial Services
In addition to reviewing cybersecurity governance practices the NY State Department of Financial Services will examine banks' data breach detection abilities. Organization seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Financial Industry Regulators Increase Data Security Oversight - www.InsidePrivacy.com, 12/11/2014

Thursday, December 18, 2014

Woman Sentenced for Patient ID Thefts, Fraud

A Virgina woman has been sentenced to five years in prison for stealing patients' identities and using the information to access existing credit cards or create new ones.

The personal information of about 200 patients was stolen from October 2012 through September 2013, according to court documents.

"[She] conspired, from October 2012 through September 2013, to steal the identities of at least 200 medical patients." - US District Court documents
It is unclear why the ID thefts went on for almost a year or who discovered them. Organizations seeking proactive detection of identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Suffolk woman sentenced in identity theft of patients - www.PilotOnline.com, 12/09/2014

Tuesday, December 16, 2014

Police Notify Hospital of Patient Data Theft

A Florida hospital was unaware of the theft of patients' data until law enforcement notified them.

The stolen stole personal information (PII) included patients' name, address, some social security numbers, date of birth, and limited insurance or medical information.

"the [data] thefts occurred in 2012 and 2013 but were not reported to the US Attorney's office until August 2014."

- PHIprivacy.net

Unfortunately identity theft and data breaches are often first discovered by law enforcement rather than the organization holding the PII. Organizations seeking proactive detection of privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Kirkbride Center patient data found in possession of criminal in Florida - www.PHIprivacy.net, 12/15/2014

Monday, December 15, 2014

Hospital Insider Stole Patient IDs for Tax Fraud

A lab technician at an Alabama hospital has been sentenced to two years in federal prison for his role in an identity theft tax refund fraud scheme.

The US Attorney's office said the technician, along with other people, stole patients' medical records which contained personal identification information (PII). He used the PII to file over 100 fradulent tax returns.

"[He]stole patient medical records, which included personal identification information." - US Attorney's Office
It is unclear how the identity thefts were discovered. Healthcare organizations seeking proactive detection of ID theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Flowers Hospital ID thief gets two years in prison - www.DothanEagle.com, 12/12/2014

Thursday, December 11, 2014

Nurse Arrested for Patient ID Thefts

A registered nurse (RN) at a Florida hospital emergency room has been arrested for stealing patient identities and using the information to purchase items and having them sent to her home. She has also been fired by the hospital.

Law enforcement discovered that this hospital insider was a suspect during their investigation of separate fraudulent credit card cases.

"...victims' information had been stolen while receiving treatment at [the medical center] emergency room."
- Manatee County Sheriff's Office
Rather than learn about ID theft from law enforcement or other third parties, healthcare organizations can proactively detect identity theft and privacy data breaches with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) ER nurse fired, accused of using patients' credit card info - www.HeraldTribune.com, 12/10/2014

Wednesday, December 10, 2014

$150,000 HHS Fine for Patient Privacy Breaches

A mental health organization in Alaska must pay a $150,000 Department of Health and Human Services (HHS) fine for HIPAA breaches that affected 2,743 patients. In addition to the monetary fine HHS is requiring implementation of a corrective action plan and reporting to OCR on its compliance program.

This latest fine is indicative of continued enforcement by the Office of Civil Rights (OCR). To date they have levied $26 million in monetary settlements against 24 HIPAA-covered entities found to have violated privacy, security and breach notification rules.

"HIPAA security policies and procedures...were not followed by the organization's employees for a seven-year period, from 2005 to 2012." - Healthcare IT News
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HHS slaps provider with $150K bill for HIPAA breach - www.HealthcareITnews.com, 12/09/2014

Tuesday, December 9, 2014

Hospital Privacy Breach Case Seeking Class Action Status

Although there have been a number breaches of patients' privacy at Canadian hospitals over the last few years one Ontario hospital is facing a possible class action suit.

Reportedly, 578 patients had their files inappropriately accessed by 14 staff members at an Oshawa health facility. The files included those of mental health patients over a 10-year period.

"the Court of Appeal [will] determine whether to allow a $5.6-million class-action suit over 280 breached medical records to go ahead. ."
- Michael Crystal, plaintiffs' attorney
It is unclear how these breaches were discovered. Healthcare organizations seeking to proactively detect privacy data breaches or identity theft can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Peterborough hospital privacy breach heading back to court - www.mykawartha.com, 12/04/2014

Monday, December 8, 2014

MD Arrested for 97K Privacy Breaches

A New York radiologist has been arrested for breaching the privacy of 97,000 patients by inappropriately accessing their confidential data.

The physician said he accessed and copied the patient information from multiple offices where he worked because he was planning to start a competing medical practice, according to District Attorney Kathleen Rice's office. DA Rice is calling for a change in state law to permit tougher charges in such cases. And a privacy attorney says federal charges for HIPAA violations might be appropriate in the case.

"Physicians are regularly entrusted with the health and well-being of their patients, so the abuse of trust in this case is particularly outrageous." - District Attorney, Nassau County, NY
It is unclear why the data thefts went on for four months. Healthcare organizations can proactively detect identity thefts and data breaches with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Radiologist Arrested in Breach Case - www.HealthcareInfoSecurity.com, 12/08/2014

Friday, December 5, 2014

Hospital Insider Stole 82K Patient IDs

A Florida hospital reported its privacy third breach in two years, according to the Department of Health and Human Services (HHS).

In this latest breach an employee stole the identities of about 82,601 patients over a three year period. That information included names, dates of birth and Social Security numbers which can be used to file fraudulent tax returns, as one patient has already reported.

"the start date the latest data breach is exactly one day after a former data breach ended that impacted 2,560 individuals."
- Local 10 News
It is unclear why the identity thefts went on for two years. Healthcare organizations can proactively detect identity thefts and privacy breaches with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Aventura Hospital and Medical Center reports data breach -www.Local10.com, 09/16/2014

Thursday, December 4, 2014

Banker Pleads Guilty to ID Thefts, Tax Fraud

A New York bank branch manager has plead guilty to identity theft and theft of public funds. He used customers' personal information (PII)to file fraudulent tax returns and then cashed the refund checks.

For three years, from 2010 through 2013, he stole $442,642.58 from the US Treasury, which as part of his plea he'll repay. He is scheduled to be sentenced in March of 2015.

"From approximately 2010 through 2013, Mejia participated in a scheme to fraudulently obtain and cash tax refund checks issued by the United States Treasury."
-US Attorney's Office, Southern District, New York
It is unclear why the identity thefts went on for three years and how they were discovered. Organizations seeking proactive detection of identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NY: Former Branch Manager Of Bank Pleads Guilty In Manhattan Federal Court To Cashing Over $400,000 In Fraudulently Obtained Tax Refund Checks - www.DataBreaches.net, 12/02/2014

Wednesday, December 3, 2014

Patients Just Learning of Hospital Insider ID Thefts in 2011

A Florida hospital has notified patients that three years ago a then employee accessed their personal information outside his normal job duties. The hospital learned of the breach when law enforcement alerted them.

This insider theft of identity information in 2011 included patients' names, dates of birth,and Social Security numbers. Hundreds of warning letters are being sent to patients.

"The breaches of patients' private information occurred three years ago."
Rather than learn about identity theft and privacy breaches from law enforcement, healthcare organizations can proactively detect them with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Baptist Primary Care Notifies Patients of Privacy Incident - www.ActionNewsJax.com, 11/26/2014

Tuesday, December 2, 2014

Curious Hospital Workers Breached Patients' Privacy

Two employees breached the privacy of 112 patients; they no longer work at the hospital.

The hospital stated the two employees “used their access privileges to the electronic health record (EHR) for unauthorized reasons — that is to satisfy their curiosity about patients with whom they had no care relationship.”

"It is completely unacceptable that staff members would breach a patient’s right to privacy."
- Mary Lyn Fyle, health authority's chief medical information officer
Reportedly the breaches were discovered after a third party approached the hospital's privacy office with allegations of inappropriate access to personal information. Rather than learn about privacy breaches from third parties, healthcare organization can detect them proactively with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) ‘Curiosity’ of Island Health employees led to privacy breach, probe reveals - www.VancouverSun.com, 11/26/2014

Monday, December 1, 2014

Hospital Insider Breached Patient Privacy for 3 Years

An employee of an Ohio hospital improperly accessed medical and personal data of 692 patients over a three year period.

The employee breached the hospital's electronic medical records (EMR) and saw names, home addresses, phone numbers, email addresses, medical and health-insurance account numbers and also some patients' Social Security numbers and personal financial account information, including credit card and debit card numbers.

"This sounds like a very serious case of medical identity theft."
- Pam Dixon, World Privacy Forum
The breach was not discovered until the hospital looked into an allegation of unauthorized access to its EMR. University Hospitals discovered Oct. 2 that the access occurred from January 2011 through June 2014. Healthcare organizations seeking to proactively detect privacy breaches, rather than have third parties bring them to their attention, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) University Hospitals: Employee gained unauthorized access to 692 patient files in breach - www.Cleveland.com, 11/28/2014

Wednesday, November 26, 2014

Government Agents Snoop on Sports Star

Twenty-four staff of the Judicial Investigation Department in Costa Rica are being investigated for improperly using the department's database to access personal information about Real Madrid and their goalkeeper Keylor Navas.

While it seems the inappropriate access of Navas' information was motivated by curiosity such use of the database is not authorized according to the department head Francisco Segura.

"there was no justification for their actions as agents only have authority to access the "information platform" during an investigation."

- Costa Rica's Judicial Investigation Department head Francisco Segura

It is unclear how long the snooping went on for or how it was discovered. Organizations seeking proactively detect privacy breaches can utilize low-cost on-demand SaaS analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Judicial agents in Costa Rica probed for snooping on personal data of Real Madrid's Navas - www.TimesColonist.com, 10/29/2014

Tuesday, November 25, 2014

Physician Sanctioned for Sharing Patient Data with Wife

This is an update on the January 2014 blog noting a physician had improperly shared information about 2,500 patients with his wife over a three year period.

The Department of Health and Human Services (HHS), and their agency the Office of Civil Rights (OCR), investigated the breaches and issued a report.

"The covered entity (CE)...reported that a CE-employed physician disclosed electronic protected health information (ePHI) to his wife without authorization." - HHS Summary
The HHS summary notes that the hospital sanctioned the physician and implemented new security policies and procedures. Proactive privacy breach detection can be accomplished with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Update on Coulee Medical Center Breach - www.PHIprivacy.net, 11/19/2014

Monday, November 24, 2014

Bank Insider Stole Customer Info for Competitor

A national bank has filed a suit against a competing institution claiming they hired one of their employees to steal customer information.

For a month before the employee left his position with the plaintiff he sent confidential information to his new employer. The new employer had set up an email account to receive customer names, tax returns, credit approvals, and other documents

"he transferred numerous tax returns, credit approvals and other documents from [the bank's] customers to his next employer in the weeks before he resigned"
- The New Jersey Law Journal
While the breaches of confidential information were discovered by a forensic review after the employee left they could have been detected proactively with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) TD Bank Claims Rival Stole Customer Files - www.NewJerseyLawJournal.com, 11/20/2014

Friday, November 21, 2014

Hospital Insider Stole Patient IDs for Tax Fraud

While employed at two Detroit hospitals, a woman stole hundreds of patient identities and used the information to file fraudulent tax returns.

According to the US Attorney's office at least 305 people were identity theft victims and the scam netted $500,000 in refunds for the woman and her accomplice.

"...technology has made it easier than ever for [criminals] to commit identify fraud...." - US Attorney Barbara McQuade
It is unclear when the identity thefts started or when the were discovered. Healthcare organizations seeking proactive detection of identity thefts can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Feds: Identity thieves hit 2 metro Detroit hospitals - www.Freep.com, 11/18/2014

Thursday, November 20, 2014

Banker Gets Prison and $1.1M Fine for ID Thefts

A former Tampa Florida banker, who pleaded guilty in August 2014 to identity theft, was sentenced to seven and a half years in prison and a fine of $1.17 million.

While working at the bank she opened 292 bank accounts using 146 stolen identities. The sole purpose of the accounts was to launder fraudulently obtained federal income tax refund checks obtained by several co-conspirators, according to court documents.

"she opened 292 bank accounts using 146 stolen identities."
- US Attorney's Office, Middle District Florida
It is unclear over what period of time the identity thefts occurred or how they were discovered. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Regions banker gets prison time, $1M+ judgment in ID theft - www.BizJournals.com, 11/13/2014

Wednesday, November 19, 2014

Pharmacist Snooped on Family, Friends' Health Records

A UK pharmacist has been prosecuted by the Information Commissioner’s Office (ICO) after "unlawfully accessing the medical records of family members, work colleagues and local health professionals."

While working at two different healthcare clinics, he misused his computer access to snoop on people not included on the patients he was assigned to work on. Unlawfully obtaining or accessing personal data is a criminal offence under the UK's Data Protection Act.

"[The pharmacist] unlawfully accessing the medical records of family members, work colleagues and local health professionals."
- Information Commissioner’s Office (ICO)
The privacy breaches were discovered during an audit. Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a whi
Sources:
(a) UK: Pharmacist who unlawfully spied on family and friends’ medical records prosecuted - www.PHIprivacy.net, 11/13/2014

Tuesday, November 18, 2014

Insider Breached Patients' Health Information

A former employee of a Canadian health ministry has reportedly inappropriately accessed the medical records of thirteen patients.

The people whose records were accessed are being contacted and a formal investigation is underway. In addition policies are being reviewed.

"A former employee had inappropriately accessed the personal health information of at least 13 people." - CTV News
The agency only discovered the breach after someone outside the ministry filed a complaint; it is unclear when the breach occurred. Rather than learn of inappropriate access from third parties, organizations can proactively detect such data breaches by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Province says former employee inappropriately accessed personal health info - www.CTVnews.ca, 11/14/2014

Monday, November 17, 2014

Patient Privacy Breached Six Times a Day

A survey of the National Health Service (NHS) by a privacy group found there had been 7,255 breaches, on average six times a day, of data protection rules in three years.

In at least 143 cases patients' private records were inappropriately accessed by NHS staff for "personal reasons." The watchdog group said the situation appeared to have “worsened” since a similar survey in 2011.

"There were also at least 143 cases when patients’ private records were accessed in appropriately by NHS staff for 'personal reasons'."
- Big Brother Watch
Emma Carr, director of Big Brother Watch, noted that information in medical records is of huge personal significance and for details to be maliciously accessed is completely unacceptable. She said urgent action is needed to ensure that medical records are kept safe. Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NHS breaches data laws 'six times a day' - www.Telegraph.co.uk, 11/14/2014

Friday, November 14, 2014

Resort Staff Arrested for Stealing Guests' Credit Card Info

Several Florida resort staff have been arrested for stealing guests' credit card information and going on shopping sprees.

The ring leader of the group allegedly used his and other employees' passwords to access the resort's computer system. He then purchased and resold goods with the stolen information.

"The alleged ring leader used his and other employees' passwords to access the computer system."
- Keynoter and Reporter Newspapers
The thefts of guests' credit card information was discovered when victims contacted police about fraudulent charges on their cards. Rather than learn about such thefts from third parties, organizations can proactively detect them by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Key Largo resort staff accused of stealing from guests - www.KeysNet.com, 11/08/2014

Thursday, November 13, 2014

Terminated Worker Accessed Hospital Billing System

An terminated employee of a Kentucky hospital improperly accessed patient information on a billing database maintained by a third-party company. Names, addresses, dates of birth, and in some cases Social Security numbers and diagnosis, of 697 patients were breached.

While the breaches were discovered during an audit in April 2014 they had been going on for a year, between April 2013 and March 2014. The former employee's logon credentials to this outside vendor had not been disabled.

"When an employee is terminated, their login credentials to vendors’ databases with PHI must also be terminated. How often do you verify that it is actually being terminated properly?." - PHI Privacy
Healthcare organizations seeking to rapidly confirm all access has been disabled, rather than depending on an occasional audit, can utilize low-cost on-demand SaaS access analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Terminated employee continued to access Bon Secours’ patients’ billing information - www.PHIprivacy.net, 11/10/2014

Wednesday, November 12, 2014

Supermarket Employee Charged Over Payroll Data Theft

A supermarket employee arrested in March 2014 for stealing 100,000 of fellow employees' personal data has now been charged with fraud.

He has been charged with an offence under the Computer Misuse Act and another under the Data Protection Act, according to the UK's Crown Prosecution Service.

"[He was] charged with fraud after an investigation into the theft of payroll data from the supermarket firm relating to thousands of members of staff." - The Telegraph and Argus
Organizations in any industry can proactively detect identity theft and data privacy breaches by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Employee at Bradford-based Morrisons faces fraud charge over staff data theft - www.TelegraphAndArgus.co.uk, 11/11/2014

Tuesday, November 11, 2014

Financal Services Insider Sold Customer IDs

A Kansas man, while employed as an operations manager of a consumer finance company, stole customers' personally identifiable information (PII) and credit card numbers. He has been sentenced to three years in prison.

He used various employee credentials to login to his employer's databases and transfer account numbers and information including customers’ names, dates of birth and Social Security numbers in exchange for Bitcoins.

"he sold the account numbers in batches of 40 for $1,000."
- US Secret Service investigators."
Organizations seeking to proactively detect identity theft, even by users using others logon credentials, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Olathe Man Sentenced in G.E. Consumer Finance Computer Fraud Charge - www.InfoZine.com, 11/06/2014

Monday, November 10, 2014

2015 EHR Audits

The Office of the Inspector General (OIG) will continue to pay close attention to the healthcare industry's use of electronic health records (EHRs) – in particular HIPAA security, EHR incentive payments and fraud, according to their 2015 work plan.

"OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities," stated Daniel R. Levinson, U.S. inspector general.

"The EHR audits are coming." - Healthcare IT News
To date, $25 billion have been paid to healthcare providers as incentives to use EHRs. In 2015 the OIG will "perform audits of various covered entities receiving EHR incentive payments from the Centers for Medicare and Medicaid (CMS) and their business associates to determine whether they adequately protect electronic health information created or maintained by certified EHR technology." Healthcare organizations and business associates can proactively protect health data from identity theft and privacy breach by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) More EHR audits to come in 2015 - www.HealthcareITnews.com,11/6/2014

Friday, November 7, 2014

Hospital Insiders Fired for Ebola Privacy Breaches

A Nebraska hospital fired two staff members for violating the privacy of a man that was being treated for Ebola.

The workers unauthorized accessed the patient's medical records. The hospital noted that the employees' actions violated federal patient privacy regulations, leading to their firing and "other corrective action."

"Prying eyes in health care an all too common problem." - LiveWellInNebraska.com
The privacy breaches were discovered during an audit of the hospital's electronic medical records (EHR). Rather than monitor access to only VIP patient records hospitals can audit staff access to all patient records by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Omaha hospital workers fired over Ebola privacy - www.OnLineAthens.com, 09/26/2014

Thursday, November 6, 2014

The Surprising Number of Insiders Who Can Steal Your Identity

People like to think they can trust people who represent organizations and companies they deal with but unfortunately there are some people who abuse their privileged access to your sensitive data.

An article in Business Insider enumerates the extensive variety of insiders who have stolen identities from their customers or clients such as accountants, healthcare workers, police, bank tellers, employers, and government workers.

"there are very few people you can trust with your personal information, and even some of the people you’re closest to could potentially betray your confidence."
- Business Insider
Organizations in every industry can proactively protect their clients and customers from insider identity theft by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) You Wouldn't Believe How Many People Could Easily Steal Your Identity - www.BusinessInsider, 09/30/2014

Wednesday, November 5, 2014

$25B in Meaningful Use Payments

Incentive payments to hospitals and professionals participating in the meaningful use program have topped $25 billion as of the end of the third quarter of 2014, according the the Centers for Medicare and Medicaid (CMS).

Under the 2009 economic stimulus package, health care providers who demonstrate meaningful use of certified electronic health records (EHRs) can qualify for Medicaid and Medicare incentive payments.

"The ONC expects the attestation numbers to increase as most providers wait until the "last minute" to attest."
- Dawn Heisey-Grove, Office of the National Coordinator for Health IT
The use of EHRs is expected to improve the quality of healthcare. However, their use may also facilitate the theft of patients' identities and medical information. Healthcare organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Meaningful Use Payments Reach $25B as of Sept. 30, CMS Says - www.HealthBeat.org, 11/04/2014

Tuesday, November 4, 2014

Insider Arrested for Stealing MD, Nurse Identities

An employee of a medical recruitment agency was arrested for stealing the personally identifiable information (PII) of some 17,000 physicians and nurses.

The stolen data included names, addresses, dates of birth, academic records, and workplace details. As he is believed to have been involved in a project to found a new recruitment agency, after quitting his former position, this sounds like a another case of insider theft to help start a competing firm.

"this sounds like another case of insider theft to help start a competing firm."
- DataBreaches.net
It is unclear how the breach was discovered. Organizations seeking to proactively detect theft of identities or intellectual property can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ex-systems engineer arrested over doctors’ data leak - www.JapanTimes.com, 10/14/2014

Monday, November 3, 2014

Hospital Insider Stole Patient IDs for Fraud

A patient registration specialist at a Texas hospital stole thousands of patients' identities so the he could use them to build a home health care business he founded in 2006.

He had his company's employees use the stolen information to cold call seniors for services they didn't need or could not qualify for. His home health business then submitted fraudulent bills to Medicare and Medicaid

"Authorities say he misused the private information of more than 3,000 patients."
- Dallas News
It is unclear over how many years the identity thefts occurred. The hospital learned of the ID thefts when a worker at the home health business contacted police to report the owner had patient lists from the hospital. Healthcare organizations can proactively detect identity thefts and privacy data breaches, rather than learn about them from third parties, by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ex-Parkland employee to plead guilty to Medicare fraud - www.DallasNews.com,10/31/2014

Friday, October 31, 2014

Employer Provided Health Benefits Targeted by Insiders

Legal consultants maintain that a great deal may be at stake for employers and benefit managers when data breaches occur in health care provider systems.

A health record is far more valuable than information stolen from a financial institution, according to Charles E. Harrell, partner at Duane Morris. “An electronic health record (EHR) would have enough information that you could create a false identity pretty quickly.”

"Employers have to be particularly mindful of the fact that people are out there trying to steal information."
- Charles E. Harrell, partner, Duane Morris
For employers, which administer health care coverage, payroll and other benefit systems, Harrell says “there’s a lot that we have to do.” A 2013 survey by Employee Benefit Research Institute found 156 million people had employment-based health benefits.

“Employers have to be particularly mindful of the fact that people are out there trying to steal information," says Harrell. Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Health care data breaches impact employers, benefits security - www.ebn.BenefitsNews.com, 10/14/20`4

Thursday, October 30, 2014

School Shooter's Medical Privacy Violated

The parents of a boy who shot classmates at school have filed a lawsuit against the New Mexico hospital where he was treated claiming not enough was done to protect the privacy of their son's medical record.

The boy's medical record was inappropriately accessed by eight of the hospital staff. The parents are seeking compensatory and punitive damages from the hospital for "gross and reckless disregard of their son's rights.

"Eight staff members had "gross and reckless disregard of [his privacy] rights" when he was a patient at the hospital ." - News 4, Albuquerque
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Roswell shooter's medical privacy violated - www.KOB.com, 10/24/2014

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.