Pamela Del Negro

 

 

Latest Articles

On December 6, 2017, Henry Ford Health System (HFHS) disclosed that health information of 18,470 patients may have been viewed or stolen. HFHS became aware of the incident on October 3, 2017 after employee credentials were accessed or stolen. According to a statement published on HFHS’ website, Social Security numbers and credit card information were not revealed. Affected information may include a patient’s name, date of birth, date of service, medical record number, provider name,…
On November 24, 2017, image-sharing website Imgur disclosed that email addresses and passwords of 1.7 million users were stolen in a 2014 hack on the company. Imgur became aware of the breach on November 23, 2017 when a security researcher alerted the company about the potential issue. The breach was confirmed on November 24th and Imgur posted a notice of the breach on its blog later that same day. According to the blog post, the…
Hyatt Hotels Corporation recently announced that it had identified malicious software code resulting in unauthorized access to customer payment card information. Hyatt disclosed that upon investigating the incident, it discovered unauthorized access to customer payment cards manually entered or swiped at the front desk of 41 Hyatt-managed locations in 11 countries between March 18, 2017, and July 2, 2017. A list of the affected locations and contact information for questions is available here. Hyatt…
The U.S. Department of Health and Human Services (HHS) has used its authority to waive certain provisions of HIPAA in response to Hurricane Harvey. HHS previously declared a public health emergency in Texas and Louisiana related to the hurricane and its aftermath. Under the waiver, HHS waives sanctions against covered hospitals that do not comply with HIPAA requirements to distribute a notice of privacy practices; obtain a patient’s agreement in order to speak with family…
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules. Any person who believes that a covered entity or business associate is not complying with HIPAA may file a complaint with OCR (complaints may also be submitted directly to a covered entity). Here is a high-level overview of the OCR complaint process from intake and review through investigation and resolution: Intake and…
Last week, New Jersey Governor Chris Christie told reporters that he is in talks with representatives from the U.S. Department of Health and Human Services and the U.S. Department of Justice about easing HIPAA restrictions in situations where individuals have experienced an opioid overdose. Gov. Christie chairs the presidential commission on opioid abuse. Speaking to reporters, Gov. Christie expressed an interest in letting “parents and loved ones know when people have been reversed with Narcan,”…
A misconfigured backup server hosted by medical records technology vendor iHealth Solutions resulted in exposure of over 7,000 medical records, some containing sensitive information. The records, involving patients seen at Bronx-Lebanon Hospital Center in New York, New York, between 2014 – 2017, include patients’ names, addresses, HIV status, mental health diagnoses and addiction histories, as well as sexual assault and domestic violence reports. The leak was discovered by a team of researchers at MacKeeper Security…
The Office for Civil Rights (OCR) has announced that it entered into a settlement with The Center for Children’s Digestive Health (CCDH) for $31,000.  CCDH is a small for-profit health care provider with seven locations in Illinois. The settlement arose out of an OCR compliance review initiated in August 2015 after an investigation of a CCDH business associate that stored inactive paper medical records for CCDH.  While CCDH had been disclosing PHI to the vendor…
Cloudflare, Inc., a provider of performance and security solutions for websites, recently disclosed that a software bug caused it to leak customer data that was then cached by search engines. Uber, Fitbit, and OkCupid sites may have been affected. While the leaked data is believed to contain private information, the extent of that information is unclear. End-user passwords, cookies, and authentication tokens used to log in to multiple website accounts may have been exposed. In…
According to several media outlets, Topps, whose products include sports trading cards, recently notified customers via email of a security breach. Information that may have been compromised includes bank account numbers, names, and email addresses of customers who placed orders between July 30 and October 12, 2016. Topps has not publicly released the number of individuals whose information may have been compromised but is offering a year of identity theft protection for customers who may…