Encryption Almost Prevents Humana Data Breach in Wisconsin
Data encryption technology used by Humana may not have prevented a data breach, but it has certainly limited the extent of data exposed, the damage caused, and has considerably reduced the cost of remediation. On Friday last week, Humana reported the theft of an encrypted laptop from an employee’s vehicle. Security keys for the laptop were not stolen, and the data stored on the device remain secure; however, along with the laptop, the thief stole documentation containing the names, dates of birth, and “clinic names” of 2,800 Medicare Advantage Plan subscribers. In addition to the above data, 250 subscribers also had their Humana member identification numbers exposed, according to a recent report in the Milwaukee Journal Sentinel. A statement issued by Humana confirms that financial information and Social Security numbers were not compromised in the security incident. The Breach Notification Rule of the Health Insurance Portability & Accountability Act (HIPAA) requires notification letters to be sent to all individuals who have had their Protected Health Information (PHI)...
Alleged Intimidation and Potential VA HIPAA Violations Investigated
The Department of Veteran Affairs has come under increasing criticism in recent weeks for privacy and potential HIPAA violations. The White House Office of Special Counsel initiated an investigation into the VA for veteran privacy breaches, and now the Department of Health and Human Services has taken the decision to start an investigation, this time for potential VA HIPAA violations caused when the medical records of a whistleblower were allegedly accessed in retaliation for the disclosure of VA privacy violations. This week, whistleblower Brandon Coleman received a notification from the HHS of an investigation into a complaint he made of inappropriate and unauthorized accessing of his confidential medical files by the VA. He was informed that the HHS had started an investigation into his privacy complaint on May 1, 2015. He claimed the privacy violation occurred in an effort to intimidate him for giving evidence against the VA. Two weeks ago, in a Senate hearing, Coleman and other whistleblowers accused the VA of conducting smear campaigns that involved VA staff accessing the...
CarePlus Discovers Privacy Breach Affecting 1400
A potential privacy breach has been discovered to have affected CarePlus Health Plans. This is one of a number of patient privacy breaches to have been reported in recent weeks that have involved errors made when printing and mailing information to patients. On September 18, 2015, CarePlus prepared a mailing of CarePlus Late Enrollment Penalty Premium Statements to patients. A machine was used to insert two premium statements into each envelope, but instead of inserting one statement, two were placed into each envelope by accident. The error resulted in 1,400 patients being sent statements intended for other patients. The information potentially disclosed did not include highly sensitive information such as Social Security numbers, but patients have their names, addresses and CarePlus ID numbers accidentally disclosed to other health plan subscribers. All affected members will undoubtedly already be aware of the error if they opened their statements, although they have now also been sent a HIPAA breach notification letter explaining the exposure of their information and how the...
Doctors Stand Accused of Using EHR to Steal Patients
Two Pediatric pulmonologists from Valley Children’s Specialty Medical Group’s Madera, CA. Valley Children’s Hospital (VCH) have been accused of using their access rights to the hospital’s EHR to obtain contact information of patients, with a view to getting them to switch healthcare providers. Two physicians – David Lee, MD and John Moua, MD – have been named in a lawsuit that alleges they used their access rights to hospital data “for personal gain and commercial advantage.” Dr. Paul Do and Dr. John Moua were allegedly “seeking to misappropriate patients” from the hospital, and move them to a Central California Faculty Medical Group run facility. The physicians allegedly used Spanish-speaking interpreters to contact patients suffering from cystic fibrosis, and gave them misleading and false information about their current healthcare provider. They were allegedly informed that the hospital they were currently using to receive medical services was understaffed and could not continue to provide them with quality care, and even informed them...
Ponemon 2015 Cost of Cyber Crime Study Published
The Ponemon Institute has published its 6th Annual Cost of Cyber Crime Study. Each year the organization assesses the financial impact of cyber crime and data breaches caused by hackers and other criminals. This year’s data show the cost of dealing with data breaches and cyberattacks has risen substantially, with the average cost of remediation following a criminal attack now having risen to $15 million in the United States. Globally, the cost of dealing with attacks ranged from $1.9 million to $65 million. The Ponemon Institute partnered with HP for the study, which assessed the cost of cyberattacks affecting both the public and private sector in seven countries around the world (U.S., U.K., Germany, Japan, Brazil, the Russian Federation and Australia.) In addition to estimating the cost of crime, the study also offers some insight into how organizations can deal with the threat of attack, and minimize the financial impact when criminals strike. Cost of Cyber Crime has Increased 20% Year on Year Ponemon/HP determined that the cost of cyber crime has risen 20% year on...



