Many Level 2 merchants are just now realizing that their PCI world has changed. Under rules announced this summer, Level 2 MasterCard merchants—like their Level 1 brethren—will require an onsite assessment by a QSA starting in 2010.
A group of US restaurants have filed a class action lawsuit against a point-of-sale vendor after customers had their identities stolen after using non-compliant terminals.
According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payment terminals that were not PCI DSS compliant.
Clients of four major Czech banks could find their accounts blocked at their next visit to the ATM as a result of the largest bank-card security breach in Czech history.
Eyewitness News has learned that 16 employees of the Harris County Hospital District – most of whom worked at Ben Taub General Hospital – were fired last week for allegedly looking through patients' confidential medical information.
An ambulance driver, who wishes to remain anonymous, with AMR says the problem goes well beyond the doors of UMC.
“I happen to know from personal experience that it's so much wider than that.”
The driver says the buying and selling of patient records is big business.
The Health Insurance Portability and Accountability Act (HIPAA) allows CVS Caremark access to information on patients covered by its pharmacy benefit manager for administering claims and other limited purposes. Company letters collected by NCPA document CVS Caremark tapping into personal medical histories for marketing purposes, such as to urge patients to switch an existing prescription from their independent community pharmacy to a CVS retail or Caremark mail order pharmacy. A redacted example letter can be found here.
The FBI said Friday it may investigate a breach of patient privacy laws at University Medical Center, where hospital officials are reeling with the realization that at least one of their employees has leaked confidential names, birth dates and Social Security numbers.
The National Institute of Standards and Technology wants industry help to develop a Web-based tool that would let users determine if they met the security requirements of the Health Insurance Portability and Accountability Act (HIPAA).
… The contractor shall gather requirements, design, develop, test, and integrate a software application for use as a web based application and for download for CSD customers to conduct a self assessment of their work environment against the security requirements of the HIPAA Security Rule.
Private information about accident victims treated at University Medical Center has apparently been leaking for months, the Sun has learned, allegedly so ambulance-chasing attorneys could mine for clients.
Sources say someone at UMC is selling a compilation of the hospital’s daily registration forms for accident patients. This is confidential information — including names, birth dates, Social Security numbers and injuries — that could also be used for identity theft.
A health insurer lost 1.5 million patient records last May but waited six months to disclose the incident.
The data, which was stored on a portable disk drive that disappeared from the insurer’s office, was unencrypted and included patient Social Security numbers, bank account numbers and health data, according to the Hartford Courant. The disk also contained personal information on at least 5,000 physicians.