Friday, October 30, 2015

Hospital Workers Fired for Breaching Lamar Odom Privacy

While Lamar Odom was hospitalized in Nevada several staff members tried to take photos of him and some tried to access his medical records in violation of HIPAA rules. Several of the hospital workers were fired for their actions.

Unfortunately this is not the first time this has happened. Kim Kardashian and Britney Spears had their privacy rights violated during hospital stays and workers involved in the breaches were fired.

"It's not the first time this has happened. Kim Kardashian and Britney Spears had their privacy rights violated during hospital stays."
- TMZ
Access to VIP medical records is usually monitored closely by hospitals but it's just as easy to monitor access to all patients' records by utilizing identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) Hospital Workers Fired For Trying to Sneak a Pic - www.TMZ.com, 10/26/2015

Thursday, October 29, 2015

Hospital Employee Fired for Privacy Breach of Patients' Records

A South Carolina hospital employee has been terminated for inappropriately accessing a number of patients' personal data.

Information the employee obtained included patient name, date of birth, driver's license number, insurance information, clinical diagnosis, and possibly Social Security numbers. The breach came to the hospital's attention when other employees began reporting in July 2015 that their insurers had recorded unpaid balances and charges for a prescription cream. Investigated found the employee had been inappropriately accessing patient medical records from January 2014 until August 12, 2015.

"accessing patient medical records "in a manner that was inconsistent with her job functions, hospital procedures and ... training," between Jan. 1, 2014 and Aug. 12, 2015." - Hospital statement
It is unclear why the privacy breaches went on for over one and a half years. And as is all too often the case it seems the hospital learned of the breaches from third parties. Healthcare organizations seeking to proactively detect data privacy breaches and identity theft, even if they occur only once, can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) Employee fired after St. Francis data breach - www.GreenvilleOnline.com, 10/26/2015

Tuesday, October 27, 2015

Corporate Compliance & Ethics Week, Nov 1-7, 2015

Celebrate Corporate Compliance & Ethics Week during the first week of November 2015. To better align the timing of Corporate Compliance & Ethics Week with the implementation of the Federal Sentencing Guidelines (Nov. 1, 2004), it will now be held during the first full week in November every year.

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports members' work with education, news and discussion forums.

"Corporate Compliance & Ethics Week highlights the importance of ethics and compliance in every workplace.."
- Society of Corporate Compliance and Ethics
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) SOURCE_TITLE - SOURCE_NAME_AND_DATE

Monday, October 26, 2015

Health Facility Fined: Employee Gave Patient's Test Results to Relative

A healthcare facility in Napa County California has been fined $2,500 by the California Department of Public Health (CDPH).

An employee at the facility breached the privacy of a patient's medical record to find out the results of a pregnancy test and then notified a the patient's family member about the results.

"receptionist viewed the results of a patient's pregnancy test and notified a family member of the patient about the results."
- California Department of Health
Healthcare organizations can proactively detect data privacy breaches, even if they occur only once, can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) Survey findings on breach of confidential patient medical information issued by the department on 10/09/2012 - www.CDPH.ca.gov, 10/09/2015

Friday, October 23, 2015

Insurance Firm Again Victim of Insider Customer Data Theft

A multinational insurance company has become the victim of their employees stealing customer data for a second time this year.

It is believed that the data theft involved customers insured by the company who had car accidents in 2013 and 2014. The stolen information was used to target these customers with multiple phone calls in a bid to persuade them to file personal injury claims.

"An employee has been sacked from the company, and the police and Financial Conduct Authority have been informed."
- BBC
Organizations seeking to proactively detect theft of their customer data, even if it occurs only once, can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) Aviva hit by second customer data theft - www.TheDrum.com, 10/17/2015

Thursday, October 22, 2015

More than $5.5M Settlement with Employees Over Data Breach

Class action attorneys have reached a settlement with Sony Pictures over a breach of employee data.

The bulk of the $5.5 - $8 million settlement will go to the lawyers who handled the case on a contingency basis. Sony Pictures employees who were part of the suit will each receive about $1,000, credit monitoring and $1 million in identity theft insurance while Sony would pick up the tab for a further $2.5 million — or up to $10,000 per individual — for class members who experience unreimbursed loss from identity theft attributable to the Sony Pictures cyberattack.

"[breach] that left the personal information of employees and ex-employees vulnerable."
- Hollywood Reporter
Organizations seeking to proactively detect data theft by hackers posing as insiders can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) Sony's Settlement With Employees Over Hacked Data Worth More Than $5.5 Million - www.HollywoodReporter.com, 10/20/2015

Tuesday, October 20, 2015

48 Health Workers Accused of Breaching Patient Privacy

A total of 48 healthcare workers in Canada are allegedly involved in privacy breaches of patient medical records and are facing disciplinary action; some employees have been suspended without pay and one person has been fired. The alleged data privacy breaches were found during an audit.

"This situation underscores the very real consequences of patient privacy breaches." - CEO and president of health services

An Office of the Information and Privacy Commissioner spokesperson stated “With access to health information comes great responsibilities for health professionals and administrators. The health information of Albertans cannot be treated like a social media site where you can access it and begin to creep on other people’s information, no matter how curious one might be.”

Learn how Veriphyr uses Structural Analytics to detect "impermissible use" of patient data in clinical and business applications by employees, contractors, and third parties.

Sources:
(a) AHS investigating alleged privacy breach by 48 Calgary employees - www.CalgaryHerald.com, 10/14/2015

(b) Thank you to Databreaches.net who was the source for this posting


Monday, October 19, 2015

Nurses Fined $1K for Each Patient Privacy Breach

Two Canadian registered nurses have been fined $1,000 for each time they breached the privacy of patients' medical records.

The College of Registered Nurses of Manitoba said one nurse apologized to the patient for her poor judgment. The other nurse admitted to the nurse admitted to inappropriately accessing a patient's medical record, but denied disclosing the patient's information. N either nurse had a disciplinary record and they were both ordered to pay the fine.

"The college said neither nurse had a disciplinary record and they were both ordered to pay the fine."
- CBC News
Healthcare organizations seeking to proactively detect data privacy breaches and identity thefts, even if they occur only once, can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by insiders such as employees, contractors, providers, and vendorsno.
Sources:
(a) 2 Manitoba nurses fined $1K each for breaching patient privacy - www.CBC.ca, 10/17/2015

Friday, October 16, 2015

Govenor Signs Privacy Breach Notification Law

A data breach notification law was recently signed by California Governor Jerry Brown included data encryption standards, as well as standards for defining personal information.

The bill signing comes just a few months after it was revealed that a hack at a large medical center computer network may have compromised personal and medical information for as many as 4.5 million individuals.

"Legislation comes in wake of high-profile health privacy incidents." - FierceHealthIT
Organizations seeking to proactively detect data privacy breaches and identity theft by insiders, or hackers posing as insiders, even if only done once, can utilize identity and activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy by insiders such as employees, contractors, providers, and vendors.
Sources:
(a) California governor signs data breach notification law - www.FierceHealthIT, 10/13/2014

Thursday, October 15, 2015

Hospital Fined $240K for Nurse Breaches of Patients' Privacy

A California hospital has been fined $247,600 by California Department of Public Health (CDPH) for a breaches of patients' privacy.

A nurse employed by the hospital convinced a co-worker to look up information about a patient. The hospital failed to notify the CDPH within five days.

"nurse persuaded a coworker to look up specific logs of patients."
- California DPH
It is unclear who discovered the privacy breaches. Healthcare organizations seeking to proactively detect data privacy breaches and identity thefts, even if they occur only once, can utilize identity and activity analytics.
Sources:
(a) California Department of Health - www.CDPH.ca.gov, 10/13/2015

Wednesday, October 14, 2015

Tax Workers Continue to Snoop on Confidential Taxpayer Info

Of the 34 significant privacy breaches reported in 2014 by the Canada Revenue Agency (CRA) to the privacy commissioner all but two were deliberately committed by the agency’s own employees — and the files indicate no worker was fired or reported to police. Two were major breaches were the deliberate incidents where workers snooped into the files of 169 and 170 taxpayers.

The annual number of breach reports has increased dramatically, to 34 last year from just seven in 2011, even though the agency promised to clean up its act after a critical 2012 audit by the privacy commissioner.

"workers continue to poke into the confidential tax files of friends and foes, despite assurances that the chronic problem of unauthorized access is being fixed."
- CBC News
Privacy lawyer David Fraser says there should be zero tolerance for government workers inappropriately accessing confidential records. Privacy breaches can be detected, even if only done one time, but utilizing identity and activity analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Tax workers continue to peek at forbidden files: internal reports - www.CBC.ca, 09/30/2015

Monday, October 12, 2015

Doctor Accused of Breaching Patients' Privacy

A Canadian physician has been allegedly inappropriately, and without consent, accessed the medical records of two patients not under his care. In one case the inappropriate access occurred "a number of times between 2003 and 2014" and in the other case the inappropriate access occurred "a number of times between 2003 and 2006."

A hearing will be held and if found to have committed the unauthorized access alleged by the College of Physicians and Surgeons, the physician could face a number of possible sanctions, including having his certificate with the college suspended or revoked.

"the physician inappropriately and without consent accessed records of an unnamed person who was not his patient on a number of occasions between 2003 and 2014."
- Notice of hearing
It is unclear why the inappropriate accesses were allowed to occur over such long time periods. Healthcare organizations seeking to detect unauthorized access to patient records, even if only done once, can utilize identity and activity analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) More on an alleged patient records breach at the hospital - www.SooToday.com, 09/29/2015

Friday, October 9, 2015

MDs Accused of Using EHR to Steal Patients

A California hospital has filed a suit against three physicians and two medical groups claiming they wrongfully accessed at least 164 patient records in order to lure them away.

The lawsuit's allegations include "unauthorized computer access, misappropriation of trade secrets, conversion and misappropriation of patients' personal health information ... to divert patients for their personal financial gain and commercial advantage."

" the access was "a significant data breach" and a HIPAA violation."
- Hospital's chief legal officer
It is unclear how the data breaches were discovered. Such instances add to the growing legal concerns about the inappropriate use of EHRs. Organizations seeking to proactively detect data breaches and thefts, even if only done once, can utilize identity and activity analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Docs accused of using EHR to steal patients - www.FierceHealthIT.com, 10/08/2015

Thursday, October 8, 2015

Tax Worker Stole Taxpayer IDs for Fraud

A New York state tax department employee allegedly used his employee access to confidential tax records and stole information about taxpayers' bank accounts and then created more than a dozen false and unauthorized electronic checks ranging from $96 to $6,500.

The identity thefts occurred from 2013 to 2015 and involved a dozen state taxpayer accounts. Even after the employee was terminated from the tax department he continued to us the identities to create bogus checks and obtain fraudulent credit cards.

"[he] used his employee access to confidential tax records and stole information on taxpayers' bank accounts."
- Times Union
It is unclear why the identity thefts went on for two years or how they were discovered. Organizations seeking to proactively detect identity theft, even if occurs only once, can utilize on-demand identity and activity analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) State tax worker allegedly netted $50,000 through identity theft - www.TimesUnion.com, 10/03/2015

Wednesday, October 7, 2015

Bank Employee Stole $112K from Customer Accounts

While working as a financial representative at a Connecticut bank from January 2012 to February 2013 an employee stole $112,000 from customer accounts.

Starting in December 2012 and until about May 2013 he identified accounts that had little activity and would transfer funds from those accounts to he believed to be dormant or to accounts he directly controlled.

"While employed at the bank, [he] identified accounts that had little banking activity."
- US Attorney's Office, District of Connecticut
It is unclear why the thefts took place for over a year. Organizations seeking to proactively detect inappropriate access to customer data, even when it occurs only once, can utilize identity and activity analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Bank Employee Sentenced to 18 Months in Prison for Stealing More Than $100K from Customer Accounts - www.DOJ.gov, 10/02/2015

Tuesday, October 6, 2015

Telecom Employee Stole Customer Data

A telecom office employee has been fired for stealing customer data and sharing it with a third party. The third party used the stolen data against one of the telecom's customers.

The now former employee worked in the customer experience department and had access to the firm's customer relationship management system. The worker violated her employment contract and the employee code of conduct, according to the telecom's senior public relations person.

"Our ex-employee gave her friend ...that list and then this gentleman used it against our customer."
- Company spokesperson
This seems to be another case where a third party, rather than the those holding the confidential data, discovered the data theft. Organizations seeking to detect data theft, even when an insider only steals once, can utilize activity analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ooredoo data breach brings legal action - www.MMTimes.com, 09/03/2015

Monday, October 5, 2015

HIPAA Audits to Start Soon

The Office of Civil Rights (OCR) anticipates starting HIPAA security compliance audits either late this year or in early 2016. Although the timing is not very specific, organizations still have time, though limited, to bring their houses into HIPAA order.

OCR Director Jocelyn Samuels announced FCi Federal, has been chosen to provide management services to the OCR staff conducting the audits. Samuels stated that the majority of audits will be remote as opposed to site audits. While an on-site audit can be more disruptive and stressful some healthcare organizations feel having auditors on-site allows for face to face interaction.

" new audit protocol that will be more focused than the one used in the pilot audits." - Devon McGraw, OCR deputy director of health information privacy
According to Devon McGraw, OCR deputy director of health information privacy, the OCR is now working on a new protocol for the audits, which will be narrower in scope than those conducted during the pilot round of 115 audits in 2011 and 2012. "We're going to be a bit more focused at some key areas of interest," she said. Healthcare organizations seeking to catch insiders breaching or stealing patient data, even once, can automatically detect them with activity analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) http://www.hitechanswers.net/the-auditors-are-coming-the-auditors-are-coming/ - www.HitechAnswers.com, 09/30/2015

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.