Connecticut Breach Notification Laws Updated
Connecticut breach notification laws have been updated and are now in effect. Substitute Senate Bill No. 949, Public Act No. 15-142 introduced a number of changes to improve data security and agency effectiveness to better protect state residents. Updates affect all who do business in the state, with specific changes that affect contractors (Business Associates/BAs) and health insurers. One of the major changes concerns damage and risk mitigation after a data breach. All companies and individuals doing business in the state must now provide credit monitoring services to breach victims, without charge, for a minimum period of one year if confidential information is exposed. The definition of “confidential information” varies from state to state. It broadly follows the definitions in HIPAA/HITECH, although in Connecticut it specifically refers to: Name Date of birth Mother’s maiden name Motor vehicle operator’s license number Social Security number Employee identification number Employer or taxpayer identification number Alien registration number Government passport...
Another Orlando Health Data Breach Reported: 3,200-Records Exposed
Yesterday, Orlando Health reported a (now former) employee illegally accessed the medical records of up to 3,200 patients while employed at the hospital. The data breach was discovered on May 27, 2015, although it took just over a month for breach notices to be issued. The healthcare provider started sending notifications to patients yesterday, according to the Orlando Sentinel. An investigation was immediately launched upon discovery of the data breach, which rapidly established information had been improperly accessed by the employee. The healthcare provider terminated the employee’s work contract, and the matter has been reported to law enforcement officers. This is not the first data breach to be suffered by Orlando Health. Another employee was discovered to have improperly accessed patient records in February 2013. In March of last year the company lost a flash drive containing the medical records of 586 children treated at the company’s Arnold Palmer Medical Center. More recently, just two months ago, patient records were found in a neighborhood driveway. Breach Notification...
Ill. Insurer Discovers PHI Disclosure Caused by Software Glitch
An Illinois-based health insurer, the Trustmark Mutual Holding Company, has discovered a data security issue that compromised the privacy of a number of its members. The data breach was caused by an error in the company’s automated e-billing system. The system generates emails that are sent to the company’s insurance carrier clients. The system should generate an email containing a single file attachment in which information specific to that insurance carrier’s clients is contained. The emails and the attachments are encrypted, so there is no chance of interception of data in transit. However on May 13, 2015, a software glitch resulted in emails being generated and sent which contained attachments meant for other insurance carriers. The spreadsheets contained information protected under HIPAA Rules, including Social Security numbers along with patient names and details of payroll deduction amounts. The total number of breach victims has not been announced, although a breach notice issued to the New Hampshire attorney general states that 21 New Hampshire residents have been...
Trust can be Regained with Prompt Data Breach Notices
Disgruntled patients will be lost to other healthcare providers/insurers after a data breach; however there will not necessarily be a mass exodus provided the breach is managed properly. Get the breach response right and it can go a long way towards rebuilding patients’ trust in an organization. Survey Indicates Americans Want the Truth about Data Breaches A new survey conducted by Qualtrics, a company specializing in email data protection, indicates the general public is aware that data breaches are now a part of life; however trust in a retailer or healthcare provider is being lost after personal data is exposed. Trust in a HIPAA-covered entity may be lost, but it can be regained. The survey results suggest the best way to do this is with openness, honesty and the issuing of prompt data breach notices. The study was conducted on a sample of 500 Americans aged between 18 and 75, with respondents asked their thoughts about data breaches and how their behavior has changed since the threat of a data breach has risen. The data shows Americans want to be told the truth about...
Serious Adobe Flash Security Vulnerability Discovered
In addition to dealing with the increased threat of Cryptowall ransomware and Stegoloader malware attacks, healthcare IT professionals must be aware of the latest software security vulnerabilities as they can all too easily cause a data breach. Adobe Flash in particular is a major security risk, with yet another serious security vulnerability discovered in the past few days. The latest Adobe Flash security flaw has an easy fix; the company issued a patch last week to tackle the vulnerability; however any computer that does not have the latest version of the software installed is a potential attack point for hackers. This could pose a problem for multiple hospital systems with thousands of networked computers to update. Another Adobe Flash Hacking Risk Discovered The security vulnerability was discovered not by Adobe, but FireEye Intelligence, a cyber-security company specializing in zero-day malware and advanced security threats. The company identified a security flaw that can be exploited by criminals to gain access to computers running Adobe Flash software. Hackers use a...



