Data Breach at LabCorp & Quest Diagnostics Tip of the Iceberg.

This week, two companies in the healthcare sector announced that their clients were affected by an information security breach. Both LabCorp and Quest Diagnostics were affected, and their data breaches can be traced back to AMCA (American Medical Collection Agency which also does business as Retrieval-Masters Creditors Bureau), a billing collections vendor. Many are pointing […] read more

Canada NWT Laptop Not Encrypted Because It’s “Very Difficult To Encrypt”.

Approximately two weeks ago, Canada’s cbc.com reported on the theft of a government laptop with promises of more articles on the same in the weeks to come. Earlier this week, the last article was posted. The story is a doozy. To summarize, an employee with the Department of Health and Social Services (Northwest Territories, Canada) […] read more

California Looking To Label Biometric Data As “Personal Information”.

California was the first state in the US to pass a data breach notification law, all the way back in 2003. In the intervening fifteen years, all states have passed similar laws. The federal government has repeatedly attempted to pass one as well, so far without success. The need for federal legislation, one that would […] read more

HIPAA Notifications Are Now Within 30 Days Since Breach If You’re In Colorado.

According to bizjournals.com, any HIPAA-covered entities that do business in Colorado will now have 30 days to notify Coloradans (or Coloradoans, if you prefer) of a data breach involving personal information, and not the customary 60 calendar days under HIPAA. The reason? A bill on data security that went into effect in September. As usual, […] read more

Anthem Data Breach Settled for $115M, Despite Having “Reasonable” Security.

Last week, a federal judge approved a settlement – the largest to date when it comes to data breaches – that is historic and yet falls flat: Anthem, the Indianapolis-based insurer, has agreed to pay a total of $115 million to settle all charges related to its 2015 data breach. The breach, strongly believed to […] read more

Australia’s Notifiable Data Breaches Law Nets 31 Reports In 3 Weeks.

A new Australian law appears to be succeeding in finally unveiling the current state of data breaches in the Land Down Under. According to a release by the country’s information commissioner’s office (the OAIC), thirty-one data breaches were reported to the government since the law took effect on February 22, 2018.   Notifiable Data Breach […] read more

HIPAA Breach Results In Lawsuit And Countersuit Between Aetna and KCC.

Reuters reported earlier this month that Aetna, the health insurance company, and Kurtzman Carson Consultants (KCC), an administrative-support services provider, have sued each other over a mishandled class action settlement notification. Last year, Aetna settled a number of lawsuits regarding the fulfillment of HIV medication prescriptions. With the legal issues finalized, it was up to […] read more

HIPAA Security Trickle-down? Notifications State Sensitive Information Not Contained In Stolen Devices.

According to databreaches.net, two medical entities recently alerted patients of a data breach: Eastern Maine Medical Center (EMMC) and Nevro Corporation. In the case of EMMC, an external hard drive went missing. For Nevro, a number of laptops were stolen during a break-in. Information contained in these devices was not protected with data encryption in […] read more

Penn Medicine Sending Breach Notifications To 1000 Patients Over Stolen Laptop.

Penn Medicine has revealed this past week that a laptop computer with protected health information (PHI) was stolen on November 30. While the details are meager (aside from a short entry at philly.com, which is referenced by databreaches.net, an online search comes up empty), the following was revealed: About 1000 people were affected. The laptop […] read more

24,000 Affected After UNC Health Care Desktop Computer Stolen.

We’re on the cusp of 2018, yet data breaches that smell like 2008 are still making an appearance. According to various news outlets, UNC Health Care has announced a data breach that involved approximately 24,000 patients when a computer – a desktop computer – was stolen during a break-in. The breached data: …includes names, addresses, […] read more