Over 5,000 patients participating in research studies with Kaiser Permanente may have had their personal information compromised. A research computer used to store names, birth dates, medical record numbers and lab results was found to be infected with malicious software. It was reported that the computer was infected for more than two and a half years before being discovered.
The Heartbleed Bug is a security risk that made headlines last week. It is a vulnerability in the OpenSSL cryptographic software library that affects encryption features. OpenSSL is the encryption technology behind many websites that collect personal or financial information (typically indicated by a lock icon in the browser to tell the user the site is secure).
The organization HealthIT.gov has issued guidance for employers who allow employees to access information through a mobile device. This information may be helpful for employers in setting up security protocols for mobile devices. Click here for access to a summary of best practices.
The Department of Health and Human Services released an online tool to help mid-sized organizations perform a security risk assessment under HIPAA. Click here to access the tool.
A third-party billing vendor, Sutherland Healthcare Solutions, caused a HIPAA breach when several of its unencrypted computers were stolen last month. The computers at the Los Angeles County public health and health services departments contained patient Social Security numbers, billing information, dates of birth and medical diagnoses. The computers were not encrypted according to HIPAA standards.
Skagit County, Washington must pay the U.S. Department of Health and Human Services (HHS) $215,000. HHS investigated the County after learning that protected health information from the Skagit County Public Health Department was accessible through a public server.
A Puerto Rico-based insurance company, Triple-S Salud, was found to have exposed protected health information in Medicare-eligible individuals’ medical records.
The company manages Medicaid in Puerto Rico. In September 2013, Triple-S Salud mailed letters to Medicare Advantage customers with Medicare numbers visible from the envelope.
The National Institute of Standards and Technology (NIST) issued a new cybersecurity framework describing best practices for organizations to develop their information security programs. The framework is the result of a collaboration between government groups and private businesses.
A Texas healthcare system was the target of a recent security breach in which hackers accessed protected health information of around 405,000 individuals.
A health insurance company based in Wisconsin notified over 41,000 participants of a possible HIPAA breach.