Utah Department of Technology Services (DTS) reveals 780,000 individuals have been affected by the theft of sensitive Medicaid information. That’s far worse than initial estimates
via Utah’s Medicaid Data Breach Worse Than Expected – Healthcare – Security & Privacy – Informationweek.
All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010
via Final phase of Mass. data protection law kicks in March 1.
Security breaches among healthcare organizations are soaring. That’s the conclusion of the Second Annual Benchmark Study on Patient Privacy and Data Security
via Medical data breaches soar, according to study.
Last week, two experts with knowledge of Nasdaq OMX Groups internal investigation said that while attackers hadnt directly attacked trading servers, they had installed malware on sensitive systems, which enabled them to spy on dozens of company directors
via Nasdaq Server Breach: 3 Expected Findings – Security – Attacks/breaches – Informationweek.
All 4.9 million TRICARE military health plan beneficiaries that were affected by a recent data breach will be notified by mail, but they won’t be offered free credit monitoring services.
via TRICARE Breach Notification in Works.
Most importantly, the new law PDF available here, courtesy Information Law Group states that notification must be direct. Yes, it can be electronic, but it must provide a way for the notified party to follow up with questions, and give that person a point of contact who represents the company. The company contact must be accessible through toll-free telephone, not just e-mail.
via California: Consumers Must Be Notified Directly of Data Breaches.
Data breaches, including those originating inside and outside of the organization, continue to affect companies at an alarming rate. Nearly half a billion electronic records in the United States have been compromised over the last six years
via Nearly Half a Billion Electronic Records in the U.S. Have Been Compromised.
Another week, another data breach at a major university. This week it’s Yale, which announced Friday that the names and Social Security numbers of 43,000 people affiliated with the university had been publicly viewable on Google for the past 10 months.
via Data breach hits Yale University – Technology & science – Security – msnbc.com.
KPMG, which won OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011, told the Saint Barnabas Health Care System of West Orange, NJ, in June 2010 that a KPMG employee lost an unencrypted flash drive that may have contained a list with some patient names and information about their care, Saint Barnabas reported on its website.
via HIPAA Auditor Involved in Own Data Breach.
Data Breaches Involving Business Associates
According to data on OCR’s website, there have been 292 breaches affecting 500 or more individuals since September 2009. Business associates have been involved in 57, or about 20%, of those breaches.
via OCR Deciding Whether To Run HIPAA Audits on Business Associates – iHealthBeat.