Friday, January 30, 2015

Hospital Employee Breached Patients' Privacy

A hospital employee in Canada has breached the privacy of "a small number of patients" according to officials.

A breach was first discovered in December 2014 which led to further investigation which found breaches had occurred over almost a one year period. The patients, as well as the Office of the Information and Privacy Commissioner and the Minister of Health, have been notified about the breach.

"an employee not providing care to those patients...viewed health information, including prescription and lab information.."
- Hospital officials
It is unclear why the breaches occurred for almost one year. Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Privacy breach of patient records in Prince Albert health region - www.GlobalNews.ca, 01/29/2015

Thursday, January 29, 2015

Hedge Fund Employee Stole Trade Secrets from Firm's Computers

A computer analyst who worked for a Chicago hedge fund stole trade secrets that caused $12.2 million in losses. He was sentenced to 3 years in prison and ordered to pay his former employer $760,000 to cover costs incurred during the investigation.

The trade secrets he illegally downloaded were information about algorithms developed for high frequency trading by the hedge fund.

"[He] illegally downloaded information about algorithms developed for use in high-frequency trading by the Chicago-based [company]."
- Daily Hampshire Gazette
It is unclear how this insider data breach was discovered. Organization seeking to proactively detect theft of intellectual property can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Computer analyst sentenced for trade secrets theft - www.GazzetteNet.com, 01/16/2015

Wednesday, January 28, 2015

Hospital Pharmacist Breached Privacy of 844 Patients

A hospital in San Francisco has notified 844 patients that their medical records may have been breached by a pharmacist employee. The pharmacist has since been terminated.

A breach of 14 patients was discovered in October 2014 and further investigation found a total of 844 patients' had been accessed without an apparent valid purpose. The information accessed included patient demographics, last four digits of social security number, clinical information including diagnosis and clinical notes, and prescription information.

"A pharmacist employee may have accessed [patients'] records without a business or treatment purpose." - Hospital's website
The breaches occurred between October 2013 to October 2014. It is unclear why the breaches were no discovered until October 2014. Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand Saas analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Audit finds employee access to patient files without apparent business or treatment purpose - www.CPMC.org, 01/23/2015

Tuesday, January 27, 2015

Insiders at Chiropractic Clinic Breach 3,000 Patient Records

An employee and a contract chiropractor allegedly breached the privacy of 3,000 patients at a clinic in Wisconsin and shortly after resigned from their jobs.

The clinic discovered the privacy breaches in November and believe the personal information was taken for the purpose of soliciting patients. The stolen data may have included names, addresses, phone numbers, email addresses, birthdays, Social Security numbers and insurance information.

"Patients’ names, addresses, phone numbers, email addresses, birthdays, Social Security numbers and insurance information—may have been taken." - Clinic officials
Since these workers were authorized to access patients' personal information as part of their job it's critical that the audit process can distinguish appropriate from inappropriate access. Healthcare organization seeking this type of audit can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hudson Chiropractic Clinic Notifies Patients of November Security Breach - www.KAALtv.com, 01/26/2015

Monday, January 26, 2015

Data Privacy Day - January 28

Data Privacy Day (DPD), celebrated annually on January 28th, is an international effort centered on "Respecting Privacy, Safeguarding Data and Enabling Trust."

Privacy is gaining increasing attention in our digitally connected world. You can find tips to protect yourself online at www.StaySafeOnline.org.

"The American consumer is beginning to understand the far-reaching value of their personal information...and continue to express concerns about their privacy online."
- www.StaySafeOnLine.org
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Data Privacy Day - www.StaySafeOnline.org, 01/26/2015

Friday, January 23, 2015

Nursing Home Insider Sentenced for Patient ID Thefts

A former nursing assistant at a Georgia nursing home has been sentenced for her role in a scheme to steal patient identities that were then used for tax refund fraud.

The certified nursing assistant pleaded guilty to stealing patients' names, dates of birth, and Social Security numbers and providing them to a co-conspirator who filed fraudulent tax returns. She was sentenced to five years probation and must repay the IRS.

"A former nursing home worker...pleaded guilty in an identity fraud scheme involving stolen patient information."
- The Telegraph

The identity thefts were discovered by law enforcement. Rather than learn about ID thefts from third parties, healthcare organizations can detect them proactively with low-cost on-demand SaaS analytics services.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) SOURCE_TITLE - www.TheTelegraph.com, 01/22/2015

http://blog.veriphyr.com/2015/01/nursing-home-insider-patient-id-thefts.html

Wednesday, January 21, 2015

Bank Teller ID Theft Ring in NY

Bank tellers from a number of New York banks were part of an identity theft ring which stole personal information from hundreds of customers.

Two of the ring leaders, who had expanded the scheme to Connecticut and Massachusetts, pleaded guilty to multiple charges.

"The [identity theft] scheme had been expanded to Long Island, Connecticut, and Massachusetts."
- NY Attorney General, Eric Schneiderman
It is unclear over what period of time the ID thefts occurred or how they were discovered. Organizations seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Two Plead Guilty in New York Identity Theft Case - www.AmericanBanker.com, 01/20/2015

Tuesday, January 20, 2015

Anti-Abortion Insider Breached Patients' Privacy

A hospital employee, who was also a high-profile anti-abortion activist, breached the privacy of hundreds of patients by inappropriately accessing their records and abortion files.

Between 2011 and 2012 this information clerk, who has since been fired, snooped on nearly 300 patients. Although the hospital says this person's "work computer and email were searched and did not reveal any evidence of patient personal health information having been disclosed" in this age of smart phone cameras every screen can easily be captured and later printed and shared.

"Nobody wants to have unauthorized people accessing your records, but with abortion services there is another layer of need for confidentiality."
- Celia Posyniak, Executive Director Kensington Clinic
It is unclear why the breaches of a know anti-abortion activist were allowed to go on for a year. Healthcare organizations seeking proactive detection of patient data privacy breaches can utilize low-cost on-demand SaaS analytics services.
DownlLearn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Anti-abortion activist fired in patient privacy breach - www.TheStar.com, 01/20/2015

Monday, January 19, 2015

Dentist Sued for Privacy Breaches

State attorney generals continue to go after HIPAA violators. The Indiana State Attorney General's Office has reached a settlement with a dentist they sued for mishandling records of 5,600 patients. The records included names, medical records, phone numbers, birth dates, Social Security numbers, insurance cards, insurance information and state ID numbers

Indiana's Attorney General, Greg Zoller, is seeking to toughen laws related to data breaches. He said “The alarming rise in data breaches we’re experiencing on a global scale is putting countless Hoosiers at risk of identity theft, which can have absolutely devastating consequences."

"The Attorney General’s Office sued Beck for failing to protect personal information."
- Indiana government
Organizations seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) [ATG] State settles with former dentist accused of dumping patient files -
www.IN.gov, 01/09/2015

Friday, January 16, 2015

County Employee Allegedly Stole Inmates' IDs

A Missouri county health department employee allegedly stole prison inmates' IDs.

The clerk, who was employed for 25 years and resigned in November 2014, handled inmates' medical claims. County officials say the employee, in violation of the federal Health Insurance Portability and Accountability Act (HIPAA), took names and Social Security numbers of some inmates from 2008 through last year.

"[The employee took] names and Social Security numbers of some inmates from 2008 through last year."
- St. Louis county officials
These identity thefts were not discovered until after the employee had resigned. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) St. Louis County investigates possible breach of inmate health privacy - www.StLtoday.com, 01/15/2015

Thursday, January 15, 2015

OCR Collects Record $7.5M in 2014 Settlements

The Health and Human Services (HHS) Office for Civil Rights (OCR) collected a record $7.5 million in settlements in 2104.

It is important to note that in most settlement cases there was no evidence any of the protected health information (PHI) has ever been misused. This shows how much higher the standard is for PHI vs credit card information.

"[2014] was notable not only for the number of settlements, but their size." - AIS Health
Healthcare organizations seeking to proactively detect PHI identity theft or breach can utilize low-cost on-demand SaaS analytices services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Breach Caused by Adobe Reader Helps OCR End 2014 With $7.5M in Settlements - www.AIS.com, 01/12/2015

Wednesday, January 14, 2015

MD Snooped Nurse's Medical Records

A Canadian physician has been reprimanded for snooping on the personal health records of a nurse with whom he had a previous contentious relationship.

After hospitalization for an auto accident the nurse requested an accounting of who had accessed her electronic health record(EHR). This is how she discovered that this doctor, who was not involved in her care, had accessed her medical records. The regional privacy commissioner investigated and confirmed the doctor had breached her privacy.

"Patient trust is at stake if employee/practitioner snooping is allowed to persist." - Privacy Commissioner
In addition to the reprimand the privacy commissioner has urged healthcare organizations make a greater effort to address privacy complaints. They noted that patient trust was at stake if employee/practitioner snooping is allowed to persist.

If the nurse had not requested an accounting of disclosures the privacy breach may never have been discovered. Healthcare organizations seeking to proactively detect privacy breaches, as well as easily provide accounting of disclosures, can utilize low-cost on-demand SaaS analytics services.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Saskatchewan employee snooping case: do two privacy wrongs make a right? - www.Lexology.com, 01/12/2015

Tuesday, January 13, 2015

Financial Services Insider Stole Client Data

A financial adviser at an American multi-national financial services, company has been accused of stealing account data on 350,000 clients - approximately 10% of the company's wealth management clients.

This insider, who has been fired, claims he did not intend to use the information for personal financial gain.

"[The employee is] accused of stealing account data on about 350,000 clients...potentially the largest data theft at a wealth-management firm."
- The Wall Street Journal
An article in Forbes noted "Now, after a leak of client data at the hands of one of its own, [this company's] wealth management team will need to work hard to regain trust." Organization's seeking to proactively detect data theft by rogue employees can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Morgan Stanley Fires Employee Over Client-Data Leak - www.WSJ.com, 01/05/2015

Monday, January 12, 2015

Survey: Health CIO Workload Increasing

Chief Information Officers are facing increased workloads according to a December 2014 survey by an executive search firm.

The survey shows found CIOs feel their workload will only continue to accelerate. Forty-eight percent said they were concerned about their ability to keep pace with the changes required of the role.

"What is the most important capability you need to meet the challenge of your role now and in the future?” The vast majority, 46 percent, stated “Data Analytics." - Healthcare IT News
Expertise in data analytics is seen by CIOs as a critical to their role. However, few plan on additional education and instead will rely on partnering and bringing in outside resources. One approach is to utilize low-cost on-demand SaaS data analytics services.
Learn how Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a)
CIO Workload to Expand Bigtime - www.HealthcareITnews.com, 01/12/2014

Friday, January 9, 2015

Time for a Board-Level Cybersecurity Committee?

A three-time CEO and board member of several major corporations, Betsy Atkins says the time has come for corporate boards to establish cybersecurity technology committees.

In light of the massive breaches of the last year, her article in Forbes reminds boards of their fiduciary responsibilities regarding digital data security. Atkins outlines steps boards can take to ensure stronger oversight of organizations' data protection.

"I think the time has come for boards to create a dedicated cybersecurity technology committee.."
- Betsy Atkins, three-time CEO and director at Darden, HD Supply and Schneider Electric
Atkins says, "it is crucial that the board require management to present their policies on cyber security" as well receive updates from the security committee if a breach occurs. Boards might be surprised to find out that a court considers failure to disclose a cyber-attack as a “material omission,” according to some interpretations of new SEC guidance on disclosure.

What do you think? Is it time for a board-level cybersecurity committee?

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Why It's Time For A Board-Level Cybersecurity Committee - www.Forbes.com, 12/27/2014

Thursday, January 8, 2015

Judge Disciplined for Breaching Privacy

A judge has been disciplined for abusing his access to confidential files. The Judicial Yuan's Judge Evaluation Committee (JEC) in Taiwan ruled the judge had infringed on the privacy of a person he was suing.

Three years ago the judge was involved in a motor vehicle accident and he accessed the judiciary database 17 times to find information about the other driver, including his ID number and records of prior brushes with the law. The JEC ordered the judge's salary be docked for three months and the case be referred to Taiwan's top watchdog agency which has the authority to impeach civil servants.

"[The judge] abused his position to infringe on someone’s privacy by conducting searches into confidential judiciary files." - Judge Evaluation Committee
it is unclear why it took three years to discover the privacy breach. Organizations seeking to proactively detect inappropriate access can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Judge disciplined for use of position to breach privacy - www.TaipeiTimes.com,2014 12/28/

Wednesday, January 7, 2015

Some Hospitals Not Auditing for Privacy Breaches

A survey of 24 healthcare organizations in the Toronto area found a wide variation in how often they were conducting audits of inappropriate access to patients' medical records. Surprisingly, some had NO scheduled audit program.

This is disturbing because in recent months, thousands of patients at hospitals across this region have had their confidential medical records accessed for no medical reason. Incidents have included snooping on Mayor Rob Ford as well as selling information about mothers and their newborns to an investment firm.

"raises awareness for hospitals to take a look at how they are auditing and make sure that their audit is comprehensive enough." - acting Privacy Commissioner Brian Beamish
Healthcare organizations can proactively detect inappropriate access by using low-cost on-demand SaaS analytics services to conduct regular audits.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hospital privacy breaches at Lakeridge Health and Rouge Valley put spotlight on hospital protocols - www.OurWindsor.ca, 12/26/2014

Tuesday, January 6, 2015

Privacy: a Leading Consumer Issue in 2015

Consumer advocates are hoping important, pressing issues such as privacy will get the attention they deserve in 2015.

This article from the Cleveland Plain Dealer outlines what might be expected this year from the FTC and Congress.

Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Payday and privacy leading consumer issues in 2015: Plain Dealing - www.Cleveland.com, 12/31/2014

Monday, January 5, 2015

National Guard Insider Charged with ID Fraud

A woman employed by the Georgia National Guard has been charged with selling members' identities.

She tried to sell their names, Social Security numbers, and dates of birth to an undercover law enforcement agent. Reportedly she has been working at the National Guard for two years but her position there is unclear.

"She was using her position at work to obtain financial information and sell it." -
Fayette County Sheriff Barry Babb
Unfortunately it is not uncommon for identity thefts by insiders to be discovered by chance. Organizations who prefer to proactively detect identity thefts and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Resident charged with 116 counts of ID fraud - www.TheCitizen.com, 12/26/2014

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.