Contra Costa County, Calif., has sent out notification letters to residents whose names were referenced in a public document posted to the county's website regarding debts owed to the Health Services Department.
It's a corporate account takeover scheme - with a twist. The scam involves money mules and distributed denial of service attacks. "This is an entirely different scenario," says Mike Smith of Akamai Technologies.
Physician group practices, many of which are adopting their first electronic health record system, need to make staff training on privacy and security issues a top priority, says Susan Turney, M.D., the new CEO at the Medical Group Management Association.
In addition to the negative publicity associated with being included on the federal tally of major health information breaches, some organizations are experiencing yet another impact of breaches: class action lawsuits.
The ongoing delay in the release of final versions of HIPAA modifications and the HIPAA breach notification rule makes it more difficult for healthcare organizations to set information security investment priorities, says hospital privacy officer Kari Myrold.
Ongoing HIPAA compliance training is key to breach prevention, says Terrell Herzig of UAB Medicine. Yet many healthcare organizations are lacking in their efforts, according to results from the Healthcare Information Security Today survey.
Virtual Radiologic Professionals, LLC notified individuals about a stolen laptop taken from an employee's car. By corporate policy, the laptop's hard drive was supposed to be encrypted, but something went wrong.
A wave of security breaches serves as a catalyst for all types of organizations to assess the need for cyber insurance. Here's the story of one institution that saw the threat and took out a $10 million policy.
Sutter Health, an integrated delivery system that was in the process of encrypting all its desktop computers, reports that a device that had not yet been encrypted was recently stolen, affecting more than 4.2 million patients.