We’ve been fairly consistent in our coverage of data breaches, including the regrettable fact that more digital data stored out there on EHRs and devices with low security means Happy Hacking (or Stealing) for Fun and Profit. [TTA 2 Apr] Here’s additional proof, including the first incident this Editor has seen of email phishing:

California, there they go: A theft of eight computers from Sutherland Healthcare Solutions’ medical billing and collections office compromised 338,700 patients’ personal health information (PHI), including SSIs. Sutherland provides services to the Los Angeles County Department of Health Services and Department of Public Health. Being California, three class action lawsuits have already been filed. Kaiser Permanente compromised 5,100 records at their Northern California Division of Research. According to iHealthBeat, it was on a laptop; Health Data Management reports it was on a server. The malware was lurking for 2 1/2 years (!) but it’s not determined whether the data was actually stolen. Phishing scam hits Catholic Health Initiatives, affects 12,000 in multiple states: What looked like an internal CHI email asking for patient information wasn’t– (more…)