Friday, October 31, 2014

Employer Provided Health Benefits Targeted by Insiders

Legal consultants maintain that a great deal may be at stake for employers and benefit managers when data breaches occur in health care provider systems.

A health record is far more valuable than information stolen from a financial institution, according to Charles E. Harrell, partner at Duane Morris. “An electronic health record (EHR) would have enough information that you could create a false identity pretty quickly.”

"Employers have to be particularly mindful of the fact that people are out there trying to steal information."
- Charles E. Harrell, partner, Duane Morris
For employers, which administer health care coverage, payroll and other benefit systems, Harrell says “there’s a lot that we have to do.” A 2013 survey by Employee Benefit Research Institute found 156 million people had employment-based health benefits.

“Employers have to be particularly mindful of the fact that people are out there trying to steal information," says Harrell. Organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Health care data breaches impact employers, benefits security - www.ebn.BenefitsNews.com, 10/14/20`4

Thursday, October 30, 2014

School Shooter's Medical Privacy Violated

The parents of a boy who shot classmates at school have filed a lawsuit against the New Mexico hospital where he was treated claiming not enough was done to protect the privacy of their son's medical record.

The boy's medical record was inappropriately accessed by eight of the hospital staff. The parents are seeking compensatory and punitive damages from the hospital for "gross and reckless disregard of their son's rights.

"Eight staff members had "gross and reckless disregard of [his privacy] rights" when he was a patient at the hospital ." - News 4, Albuquerque
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Roswell shooter's medical privacy violated - www.KOB.com, 10/24/2014

Wednesday, October 29, 2014

$10M FCC Fine for Carriers' Privacy Breaches

It appears the Federal Communication Commission (FCC) is taking a stand as data security cop. It has fined a telecommunications company and its affiliate $10 million for violating the privacy of phone customers' personally identifiable information (PII). The action is the FCC's first data security case and the largest privacy enforcement in the Commission’s history.

The Chief of the FCC's Enforcement Bureau said consumers trust their personal information will be protected and "when carriers break that trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices."

"When carriers break [consumer] trust, the Commission will take action to ensure that they are held accountable for unjust and unreasonable data security practices."
- Chief of the FCC’s Enforcement Bureau, Travis LeBlanc
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) The FCC as data security cop: $10 million fine for carriers’ security breaches - www.NetworkWorld.com, 10/24/2014

Tuesday, October 28, 2014

$850K Settlement for Bank Privacy Breach

Although there has been no identifiable identity theft, a US bank has agreed to pay an $850,000 settlement to nine states for a 2012 privacy breach.

Acting Attorney General John J. Hoffman said the settlement is designed to help prevent future consumer privacy breaches.

"All consumers — and especially banking consumers — have a reasonable expectation of privacy and protection when it comes to their information."
- Acting Attorney General John J. Hoffman
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NJ to get $103,000 in TD Bank settlement over data breach - www.NorthJersey.com, 10/18/2014

Monday, October 27, 2014

Medical Assistant Sentenced for Insider ID Theft

A Florida medical assistant who pleaded guilty in August 2014 to stealing and selling 2,000 identities knowing they would be used to file fraudulent tax returns has been sentenced. She is to serve three years in prison followed by three years supervised release.

The personally identifiable information she stole from a hospital database included patients' names, addresses, birth dates, and Social Security numbers.

"[She] accessed the [hospital] database...to steal patient identities, including names, dates of birth, and social security numbers, so that she could sell them."
- U.S. Attorney’s Office, Southern District of Florida
It is unclear how the identity thefts were discovered. Healthcare organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Medical Assistant at Gastroenterology Consultants Sentenced For Stealing Patients’ Identities From The Memorial Healthcare System Database - www.PHIprivacy.net, 10/24/2014

Friday, October 24, 2014

Digital Health Investments Reach $3B

Digital health investments in the first three quarters of 2014 reached $3 billion.

In the first half of this year investments had already exceeded those in 2013, according to a report by Rock Health. Analytics and big data were the top two among six business categories favored by investors. The most active investors this year, include Founders Fund, Khosla Ventures, Sequoia Capital, and Venrock, according to a report by StartUp Health.

"The top business types in tech health targeted by investors are analytics and big data."
- Venture Beat
Learn how Veriphyr Identity and Access Intelligence delivers healthcare insights - with no hardware and no on-site software.
Sources:
(a) 2014 digital health investments reach $3B, double 2013’s total - www.VentureBeat.com, 10/1/2014

Thursday, October 23, 2014

FTC to Focus on Privacy, Soltani Named CTO

The Federal Trade Commission (FTC) has named Ashkan Soltani its new CTO, reinforcing its focus on digital privacy issues.

Mr. Soltani is well known in digital privacy circles as an independent research consultant. He has a history with the FTC, having served there as staff technologist for the Division of Privacy and Identity Protection. Soltani is replacing Lantanya Sweeney who is returning to Harvard University.

"Naming Soltani CTO signals how seriously the FTC takes the issue of privacy and in particular digital privacy."
- Marc Groman, NAI President and CEO
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NAI Head Marc Groman Exits; FTC Ramps Up Privacy Focus with New CTO - www.AdAge.com, 10/22/2014

Wednesday, October 22, 2014

Another Insider Medical Privacy Breach of a Canadian Politcian

Yesterday we posted about the insider breach of Toronto Mayor Rob Ford and now another medical privacy breach of a politician by hospital employees Parliament has been reported.

Olivia Chow confirmed her late husband and former NDP leader Jack Layton had his records inappropriately accessed while being treated at another major Toronto hospital.

"Jack Layton’s medical records were breached."
- Olivia Chow, Jack Layton's wife
It is unclear how the breach of Layton's records was discovered. Healthcare organizations seeking proactive detection of privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Jack Layton’s hospital records were also accessed, Chow says - www.TheGlobeAndMail.com, 10/17/2014

Tuesday, October 21, 2014

Hospital Insiders Breach Toronto Mayor's Privacy

Two hospital employees breached Toronto Mayor Rob Ford's privacy by snooping in his medical records, according to the hospital where he was treated.

In Canada it is a Personal Health Information Protection Act offence to collect, use or disclose personal health information, said acting information and privacy commissioner of Ontario Brian Beamish. Any individual found guilty of the offence can be fined up to $50,000 and any organization, up to $250,000

"Two hospital staff members breached privacy when they “inappropriately accessed” Mayor Rob Ford’s health records." - Hospital spokesperson
The hospital reported that an audit discovered the breaches. While it is not uncommon to closely monitor access to VIP medical records monitoring of access to every patient is not as widespread. Healthcare organizations can monitor access to all patient records, by all staff, with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Mayor Rob Ford's privacy breached, hospital says - www.TheStar.com,10/16/2014

Monday, October 20, 2014

Police Chief Sentenced for Data Privacy Breach

An Ohio police chief pleaded guilty to misusing the Ohio Law Enforcement Gateway to obtain information on people for purposes unrelated to law enforcement. The online secure network shares criminal-justice data among law-enforcement agencies, and is supposed to be used only for official business.

He was sentenced to six months in prison, suspended to a year’s probation for unauthorized use of property. According to the Ohio attorney general, this former police chief can never again be a sworn officer in the state.

"The police chief...misused the Ohio Law Enforcement Gateway to obtain information on people for purposes unrelated to law enforcement." - The Columbus Dispatch
It is unclear how these breaches were discovered. Organizations seeking to proactively detect privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Laurelville police chief gets probation for system snooping - www.ColumbusDispatch.com,10/17/2014

Friday, October 17, 2014

Update on Class Action Lawsuit for Hospital Privacy Breaches

This is an update regarding the class action lawsuit against a Tennessee based hospital group for a breaches of patient privacy.

The hospital's data breach compromised personal patient information including names, addresses, credit card numbers and Social Security numbers. The plantiffs' attorney attorney has said the hospital was "also slow to detect the breaches and take corrective acction."

"[The hospital] was also slow to detect the breaches and take corrective action."
- Turner W. Branch, senior partner of the Branch Law Firm
Healthcare organizations can counter such charges by utilizing low-cost on-demand SaaS analytics services to rapidly detect privacy data breaches.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Class action lawsuit filed against CHS - www.Clinical-Innovation.com, 10/10/2014

Thursday, October 16, 2014

Board Member Leaked Student Data to Mental Health Provider

A Virginia School Board member leaked disciplinary files on at least 20 students to a vendor that provides mental health services.

Reportedly, some at the school were not aware that board members could access student records. The school district is conducting a full investigation of the breach and notifying parents of the students' involved.

"Student records are not public records...they contain not only education information but health information as well."
- Bill Bosher, former school superintendent
The breach of confidential student information was discovered by a third party. Organizations seeking to proactively detect privacy data breaches, even by authorized users, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Top Opinion System Must Protect Student Privacy - www.TimesDispatch.com, 10/12/2014


Wednesday, October 15, 2014

HHS Names Savage as ONC Chief Privacy Officer

The Department of Health and Human Services (HHS) has named Lucia Savage, Esq. as the new chief privacy officer of the Office of the National Coordinator for Health IT (ONC).

Ms. Savage currently is a senior associate general counsel at insurer United Healthcare. In her role at the ONC she will provide advice to HHS and ONC on developing privacy and security programs to carry out mandates in the HITECH Act. The post will also help set privacy and security programs as ONC moves into post-HITECH initiatives.

"Savage] brings to our team a set of rich experiences at the intersection of health information, privacy, and modernizing the health care delivery system."
- Karen DeSalvo, ONC National Coordinator
"She has stellar qualifications and a passion for health IT. ... I am confident that she will bring her wealth of experience to advance critical privacy and security policies in health IT development and implementation," according to ONC head Karen DeSalvo.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HHS Names New ONC Privacy Chief - www.HealthcareInfoSecurity.com, 10/14/2014

Tuesday, October 14, 2014

Hospital Faces Class Action Suit for Privacy Breach

A data privacy breach in August has a Tennessee based hospital chain facing a class action suit in New Mexico and six other states. "As a result of the defendants' failure to implement and follow basic security procedures, plaintiff's sensitive information is now in the hands of thieves,” according to the suit.

Usually plantiffs have to prove direct harm as the result of a data breach but hospitals might be concerned about a the precedent set by a class action suit last year against a healthcare plan.

"The problem is that personal information doesn't change. The repercussions of this event could be felt for years."
- Paula Knippa, Slack & Davis, plantiffs' attorney
Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Community Health Systems faces data-breach class action - www.ModernHealthcare.com, 10/13/2014

Monday, October 13, 2014

Update: Hospital Aware of Breaches Months Before Stopped

Childens' privacy breaches by an insider may have gone on longer than initially reported. It now seems that although the hospital knew there had been snooping by an employee for fourteen months it may have gone on for twenty months.

Why was the worker allowed to continue snooping through private records for months after the hospital became aware of the breach? The hospital said they “did take action” in the case, such as conducting additional audits that found more breaches.

" new figures suggest the [breaches of childrens' privacy] continued for much longer — 20 months — from January 2013 to August 2014."
- Calgary Herald
Rather than take months to conduct detailed audits of which records staff accessed organizations can know within days with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) AHS was aware of privacy breach for months before it stopped - www.CalgaryHerald.com, 10/11/2014

Friday, October 10, 2014

Department Store ID Theft Ring Broken

Five employees of a Manhattan department store have been accused of being part of an identity theft ring. The ringleader allegedly stole customer identities and then had her four accomplices purchase luxury goods that were then sold on the black market.

Local as well as federal authorities, including the Secret Service and Homeland Security, were involved in breaking up the ring.

"Sales associates bought $400,000 in designer products that were resold on the black market."
- Manhattan District Attorney
It seems the department store learned of the identity thefts, which began in April, from a third party. Organizations seeking to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Saks Fifth Avenue employees busted in identity theft ring - www.NYdailyNews.com, 10/06/2014

Thursday, October 9, 2014

Prison for Corrections Officer Who Stole Inmate IDs

A Tampa Florida man, formerly a correctional officer, was sentenced to more than four years in prison for stealing current and former inmate identities and using them to file fraudulent tax returns.

He began stealing inmate identities from computer files in 2011 and filed 182 fraudulent income tax returns. Prosecutor estimate he had tried to obtain refunds of more than $500,000.

"He began stealing identifies of current and former inmates from computer files in January 2011 while he served as a correctional officer."
- Tampa Bay Times
It is unclear how the identity thefts were discovered. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former corrections officer sent to prison for stealing inmate identities - www.TampaBay.com, 10/02/2014

Wednesday, October 8, 2014

Children's Privacy Breached by Hospital Insider

An employee at a Canadian children's hospital repeatedly inappropriately accessed medical records of its patients. An audit found that 247 records were breached over a 14 month period.

The staff member, who no longer works at the hospital, may have accessed patient history, contact information, date of birth, names of relatives and emergency contact information.

"The breaches were detected during audits...which revealed patient records were being inappropriately accessed by a staff member over a 14-month period." - CBC News
In is unclear why the privacy breaches went on for 14 months. Organizations seeking proactive detection of privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Alberta Children's Hospital patient privacy breach prompts apology - www.CBC.ca, 10/07/2014

Tuesday, October 7, 2014

Telco Insider Breached Customer Data

A telco employee gained unauthorized access to personal data of about 1,600 customers. The telco fired the employee and notified the customers about the data privacy breach.

The personal customer information breached may have included Social Security numbers, driver's license numbers and services the customers subscribed to.

"the employee may have obtained Social Security numbers, driver's license numbers and [telco] services customers subscribed to."
- Reuters
It is unclear how the data breach was discovered. Organizations seeking proactive detection of identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) AT&T says some customers being informed of data breach in August - www.Reuters.com, 10/6/2014

Monday, October 6, 2014

Massive ID Theft, Tax Fraud Trial Postponed

Nine people from Alabama and Georgia are accused of stealing IDs from the military hospital at Fort Benning. The patients' identities, as well as those from a state corrections facility, were used to file $20 million in fraudulent tax refunds.

U.S. District Judge Keith Watkins postponed the trial from Nov. 3 to April 13 at the joint request of the prosecution and defense.

"The nine...are accused of using 7,000 stolen IDs to file $20 million in fraudulent tax returns."
- The Telegraph
it is unclear how the identity thefts were discovered. Organizations seeking to proactively detect identity thefts and breaches of data privacy can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Trial in massive ID theft case postponed - www.DataBreaches.net, 10/4/2014

Friday, October 3, 2014

MDs Charged in Privacy Breach

Two Canadian physicians have been charged with allegedly using patient information improperly and without consent.

The doctors worked at a health clinic and allegedly took information about the patients there and then contacted them when they started working at a new clinic.

"[The physicians] obtained "some or all" of the individual's addresses without the clinic's or the patients' consent.." - Leader-Post
Reportedly the privacy breach was discovered after someone filed a complaint. Healthcare organizations seeking to proactively detect privacy data breaches and identity thefts can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Doctors charged over privacy breach - www.LeaderPost.com, 10/2/2014

Thursday, October 2, 2014

October is Cyber Security Awareness Month

October 2014 marks the 11th Annual Cyber Security Month. Americans of all ages can take action to raise the level of our collective cybersecurity, and the Department of Homeland Security's "Stop.Think.Connect." campaign is empowering individuals to do their part.

Everyone should utilize secure passwords online and change them regularly. Internet users should take advantage of all available methods to protect their private accounts and information, and parents can teach their children not to share personal information over the Internet

"54% of Americans are extremely concerned about loss of personal or financial information.."
- National Cyber Security Alliance survey
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Stop.Think.Connect - www.StopThinkConnect.org, 10/2/2014

Wednesday, October 1, 2014

Policeman Breaches Data Protection Act

A UK policeman has been found in breach of the Data Protection Act.

He unlawfully accessed police computer systems during a six month long dispute with his neighbor. The breach came to light when a complaint was filed with the Criminal Allegations Against the Police Division.

"A local police officer has been found to be in breach of the Data Protection Act after a dispute between neighbours.."
- Ardrossan Herald
Rather than have a complaint filed, organizations can proactively detect privacy data breaches by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ardrossan cop breaches Data Protection Act but avoids prosecution - - www.ArdrossanHerald.com, 09/29/2014

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.