Six Recommendations for GDPR Privacy Policies Released by Dutch DPA
The Dutch Data Protection Authority (DPA) has released six recommendations in relation to privacy policies for companies in the Netherlands. Autoriteit Persoonsgegevens (the Dutch DPA) advises companies who are drafting and using privacy policies to: Review their data processing procedures and determine if they are legally obligated to implement a privacy policy. Speak with privacy specialists, including the company’s data protection...
Healthcare Data Breach Report for April 2019
April 2019 was the worst month recorded, to date, for healthcare data breaches. More data breaches were made known to the Department of Health and Human Services’ Office for Civil Rights (OCR) during April than other other month since healthcare data breach reports were first reported in October 2009. In April, 46 healthcare data breaches were made known to OCR, which is a 48% increase from March and 67% higher than the average number...
Uploaded to Unapproved and Unsecured Cloud Service Used by UMC Physicians
UMC Physicians, based in Lubbock, is contacting patients of UMC Southwest Gastroenterology to make them aware that some of their protected health information has been exposed due to errors of judgement by two of its employed providers. Those suppliers had each set up a Google shared drive which was used to track follow up jobs related to the provision of care to patients. While the shared drives were set up with good aims and were...
Verity Health’s St. Vincent Medical Center Reports Phishing Attack
St. Vincent Medical Center, a part of Verity Health System, has announced a staff email account has been hacked following a response to a phishing email. The breach took place on March 15, 2016 and involved the email account of a hospital pathologist. The account compromise was discovered on March 26 and the account was secured within hours. During the period of time time that the unauthorized individual had access to the account, it...
Legal Action: Court told Hospital Worker Shared Patient Information
A legal action has been submitted against Atchison Hospital in Kansas by a rape victim who claims an x-ray technician at the hospital got in touch with her attacker and disclosed sensitive data about the treatment she received at the hospital. According to a report in the Kansas City Star, after being raped, the woman sought treatment at the hospital. She was given a rape kit examination, and allegedly made it clear to the hospital...