We’ve been fairly consistent in our coverage of data breaches, including the regrettable fact that more digital data stored out there on EHRs and devices with low security means Happy Hacking (or Stealing) for Fun and Profit. [TTA 2 Apr] Here’s additional proof, including the first incident this Editor has seen of email phishing:
California, there they go: A theft of eight computers from Sutherland Healthcare Solutions’ medical billing and collections office compromised 338,700 patients’ personal health information (PHI), including SSIs. Sutherland provides services to the Los Angeles County Department of Health Services and Department of Public Health. Being California, three class action lawsuits have already been filed. Kaiser Permanente compromised 5,100 records at their Northern California Division of Research. According to iHealthBeat, it was on a laptop; Health Data Management reports it was on a server. The malware was lurking for 2 1/2 years (!) but it’s not determined whether the data was actually stolen.
Phishing scam hits Catholic Health Initiatives, affects 12,000 in multiple states: What looked like an internal CHI email asking for patient information wasn’t–it was a phishing scam like those fake requests from PayPal or a credit card. Under 4,000 records had SSI numbers but most had other significant information such as name, date of birth, treating physician or department, diagnosis, treatment, medical record number, medical service code and health insurance information.
It’s Googly Time Down South: An Alabama physician billing service, PracMan, used a company subcontractor which copied and stored data on 3,100 patients from a PracMan computer to an unsecured server. The files then showed up in search engine results.
Pure Michigan: A laptop and flash drive were stolen from the Department of Community Health (MDCH), compromising 2,595 patients’ PHI.
iHealthBeat. Health Data Management: CHI, Sutherland, Kaiser. Becker’s Hospital CIO: PracMan, MDCH.