Nursing Home Residents’ PHI Accidentally Disclosed by Iowa DHS
Protected health information of 425 nursing home patients has been accidentally mailed to 12 nursing home facilities by the Iowa Department of Human Services. The HIPAA breach occurred in December 2015, although it was not discovered by Iowa DHS until January 22, 2016. Last month, all affected patients were sent a breach notification letter alerting them to the accidental disclosure of their data. According to Iowa DHS, it is unlikely that any patient data have been used inappropriately as they were sent to another HIPAA covered entity. The privacy breach occurred when Iowa DHS’ Medicaid Enterprise Medical Services department sent roster reports to the nursing homes. Those reports contained the names, Medicaid identification numbers, insurance or government program information, and the facility where each patient currently resides. Upon discovery of the breach, Iowa DHS contacted all 12 nursing facilities and instructed them to shred the data they had received. All facilities have now confirmed that the data have been securely destroyed. Medicaid Director Mikki Stier issued a...
Staff Email Accounts Compromised in City of Hope Hospital Phishing Attack
A phishing attack on California’s City of Hope Hospital has resulted in four staff email accounts being compromised. Three out of the four compromised email accounts contained a limited amount of protected health information, although the hospital does not believe the attack took place with a view to obtaining patient data. A press release from the Duarte hospital indicates the attack was most probably conducted in order to obtain contact information to use to send spam emails. A forensic data analysis organized by the hospital revealed that, in the majority of cases, patients only had their name and medical record number exposed. Some patients had more data exposed, including their date of birth, email address, telephone number, home address, dates of service, test results, and medical diagnoses. Only one Social Security number was exposed. The City of Hope Hospital phishing attack took place between January 18, and January 24, 2016. It is not clear how long it took security staff at the hospital to discover the attack, although prompt action was taken once the intrusion was...
HIMSS Conference 16 Roundup
The past 5 days have seen almost 42,000 industry professionals attend the HIMSS Conference & Exhibition in Las Vegas; the largest health IT educational event of the year. Each year health IT professionals, executives, vendors, and clinicians from all over the world attend the conference to learn about the latest cutting edge IT products, and to take part in education programs, thought leader sessions, and roundtable discussions. The purpose of the conference is to show how health and healthcare can be improved by the use of IT, and to explain the power information technology has to transform healthcare organizations and increase profits. Attendees were provided with a wealth of information to help them leverage new technology to provide better services to patients. This year attendees were treated to presentations from high-profile keynote speakers including Super Bowl-winning quarterback & five time NFL MVP, Peyton Manning; Dr. Jonah Berger, the author of the best-selling book Contagious: Why Things Catch On, Dell CEO Michael Dell, and the highest healthcare official in...
Healthcare Companies Commit to Improving Health Information Flow
At this year’s Health Information Management Systems Society conference, U.S. Department of Health and Human Services Secretary Sylvia M. Burwell announced that all major Health information technology developers and the top health systems have all pledged to implement three core commitments to help improve the flow of healthcare data to consumers and healthcare providers. A pledge has now been made by 17 health IT developers, 16 health systems, and 17 provider, technology, and consumer organizations. Seven of the biggest healthcare systems providing healthcare services in 46 states are all on board, with Community Health Systems, Hospital Corporation of America, Tenet Healthcare, Ascension Health, Trinity Health, Catholic Health Initiatives, and Kaiser Permanente all having committed to improving health information sharing, as are the Health IT companies responsible for providing 90% of EHRs used by U.S. hospitals. All have agreed to help improve consumer access to healthcare records, implement national interoperability standards, and will not to engage in information blocking. At...
Second Californian Healthcare Ransomware Attack Announced
Just a few weeks have passed since Hollywood Presbyterian Medical Center suffered a ransomware infection; now a second ransomware attack has occurred in California, this time affecting the Los Angeles County Department of Health Services. The ransomware infected 5 computers used by Los Angeles DHS, although officials have reported the ransomware attack has not affected operations. The infection was contained and did not spread laterally to infect the DHS network. While Hollywood Presbyterian Medical Center felt the best course of action was to give in to the demands of the attackers and pay a 40 Bitcoin ($17,000) ransom, officials at LA’s DHS have said they have no intention of paying a ransom to unlock the affected computers. The latest attack is much less severe than the attack on HPMC and did not resulted in the locking of critical data. The ransomware infection only locked “a few of employees’ systems.” Had the infection spread, LA County DHS may have had little choice but to pay the ransom. Healthcare organizations have been targeted with malware and ransomware attacks with...



