Increased Risk of Harm Not Grounds For Advocate Health Breach Lawsuit
An Advocate Health breach lawsuit was recently deemed to be too speculative to warrant a class-action claim for damages. The Illinois Appellate Court recently ruled that an increased risk of suffering harm as a result of an exposure of confidential health data is insufficient by itself to confer standing in a class-action data breach claim. The risk of harm was not deemed to be severe enough to warrant a data breach class action lawsuit. For damages to be awarded, evidence of actual harm must be provided. The case, Maglio v. Advocate Health and Hospitals Corporation, was filed by Matias Maglio on behalf of Macailee Maglio, Alexander Gill, and a number of other patients and next friends of minors affected by the breach. The plaintiffs allege they face an increased risk of suffering identity theft and fraud as a result of the exposure of their Protected Health Information (PHI). No identity theft had yet been reported or been suffered by any of the patients named in the lawsuit. The threat of fraud and loss was believed to be sufficient grounds for the complaint. The defendants moved...
Massachusetts Hospital Reports Missing Unencrypted Thumb Drive
Lawrence General Hospital, Mass. has reported a missing thumb drive containing the Protected Health Information (PHI) of 2,071 individuals. The drive was last used on June 6, 2015, but it has not been seen since. The thumb drive was noticed as being missing on June 9, 2015. In a recent press release announcing the potential loss of the drive, the hospital confirmed that the portable storage device contained only a limited amount of data, including the names of patients, lab testing codes, some lab testing information and slide identification numbers. Since no Social Security numbers, dates of birth, financial information or insurance details were stored on the device, the risk to patients is understood to be low. The announcement regarding the potential data exposure was posted on the company website on August 7, 2015, with the OCR notified on August 5. Breach notification letters have now been sent to all patients concerned. Employee Carelessness Raises Awareness of Thumb Drive Security This is the second time a thumb drive has been reported missing by a healthcare provider...
New Android Smartphone Data Security Warnings Issued
New Android Smartphone data security warnings have been issued, alerting users to new security flaws in the software which could potentially allow hackers to gain control of the devices. The Android security flaw discovered by IBM’s X-Force Application Security Research Team could affect 55% of Android phone owners, while Check Point’s discovery could similarly affect millions. These announcements come after Samsung, Google and LG had stated they will now be providing monthly security updates for Android devices, including a fix for the Stagefright vulnerability. Unfortunately, Android devices often include additional software installed by the device manufacturer, a problem Apple and Blackberry do not share: Both companies have developed their own hardware and software. As a result the latter companies can roll out security updates much more quickly. With the open-source Android platform, security fixes will always be issued more slowly. ‘Certifi-gate’ Security Breach Reported Android Smartphone data security warnings are now being issued with increasing frequency. The...
UCLA Health Data Breach Lawsuits Mount
The cyberattack that hit UCLA Health could potentially have been suffered by a large number of hospitals in the United States. Hackers are deliberately targeting healthcare providers, and their employees, to gain access to healthcare data. With the current barrage of ever more sophisticated attacks, it is only a matter of time before some succeed. UCLA Health Invested Heavily in Cybersecurity Protections Given the high risk of attack, hospital systems must invest in robust cybersecurity protections to ensure, as far as is possible and practical, that patient data is kept secure. UCLA Health had recently committed tens of millions of dollars to improve cybersecurity defenses. In its announcement of the attack, it was pointed out that even with multi-million dollar defenses it was unable to prevent this cyberattack, although “millions of known hacker attempts [are repelled] each year,” and it is under “near-constant attack.” Alleged Failures to Secure Protected Health Information of Patients In spite of these protections, some patients do not believe UCLA did enough to...
Hospital Employee Steals Protected Patient Data to Commit Identity Theft
A former employee of the Bethesda Hospital in Boynton Beach, Fla, has been arrested and charged with identity theft; after fraudulently obtaining IDs and credit in the names of 20 individuals, most of whom had been patients of the Boynton Beach hospital in which she worked. Elexes Thaddies, 24, was arrested on Friday, Aug 7, by Boca Raton police officers as part of an investigation into identity theft and credit fraud, with the investigation first starting in September 2014. Other police departments were also investigating the crimes, with Coral Springs and Boynton Beach police both looking into identity theft crimes. The investigations uncovered 20 victims, a number of whom were able to identify Thaddies, saying they had seen her working at the hospital. Law enforcement officers also discovered a new account had been opened in a victim’s name, which listed Thaddies named as an authorized user of that account. She had used that account to make a $1,160 purchase at Nordstrom in Palm Beach Gardens, according to the police report. Thaddies was using the stolen identities to pay her...



