HHS Launches Redesigned Responsive Website
The Department of Health and Human Services has completed the re-vamp of its website and its visitors are now presented with a clearer, crisper and more user-friendly interface thanks to a design that was developed to work on all devices and screen sizes. The change has been long overdue as any regular visitor to the HHS website could attest; the information was always there, but finding that information was a slow process and searching was especially difficult on a handheld device. Designed with Current and Future Visitors in Mind Before the site was developed, the HHS conducted market research survey, web analytics, workshops and usability testing with the public, and took the initiative from companies such as WIRED and NPR; both of which have recently redesigned, reorganized and re-purposed their own web content. “Out with the old and in with the new” has been taken to heart, with the HHS clearing out 154,000 files that were obsolete, removing all of the unnecessary files to speed up site searches. With less files to search with every query, search sped has been greatly...
Cybersecurity Firm Accused of PHI Theft and Mafia Style Extortion
According to a recent report on CNN, cybersecurity firm Tiversa has been staging break-ins, stealing PHI, and extorting its clients in an attempt to get them to pay for additional services provided by the firm. An accusation firmly denied by Tiversa. The story of Tiversa is likely to become well known over the coming weeks, as a whistle-blower has come forward with tales of extortion, theft, scare tactics, and fraud closer to what would be expected of the mafia, not a cybersecurity company. The company may not be particularly well known, but some of its board members are. According to the CNN report, “board members include several highly-decorated experts in the security and privacy fields, including the retired four-star U.S. Army General Wesley K. Clark (formerly NATO’s Supreme Allied Commander in Europe) and Larry Ponemon (founder of the Ponemon Institute, a pro-privacy think tank).” Whistle-Blower Reveals Details of Mafia-Style Extortion An ex-employee of the company, Richard Wallace, has testified in a Washington D.C court claiming, as one of the company’s former...
No Insurance Cover for Cottage Health HIPAA Breach?
Columbia Casualty Co – a unit of Chicago-based CAN Financial Corp. – is seeking a ruling from a judge in an attempt to avoid paying a $4.1 million settlement for the HIPAA breach suffered by the Cottage Health System; a not-for-profit network of hospitals in Southern California. The data breach in question took place between October 8, 2013, and December 2, 2013, not at the Cottage Health System, but a Business Associate (BA). The breach occurred when data was placed on an unencrypted network server, allowing the information to be indexed in Google and be made freely available on the internet. The data breach resulted in approximately 32,500 medical records being exposed along with Personally Identifiable Information (PII) and Social Security numbers. A class action lawsuit was filed against Cottage Health System for the disclosure of information with a $4.1 million settlement being sought. That settlement received preliminary court approval in December 2014, and Columbia Casualty is trying to avoid paying. Breach of Policy Could Mean No Payout Since the Cottage Health...
UT Southwestern Medical Center Announces Data Disclosure
The UT Southwestern Medical Center has inadvertently breached Health Insurance Portability and Accountability Act and state privacy laws after accidentally transmitting the immunization records of 1,032 individuals to a confidential state registry. The data was posted to the ImmTrac immunization database, used by the Texas Department of State Health Services, school districts and physicians to keep a check on children’s immunizations to ensure they have been performed. The database contains over 120 million immunization records, mostly for children although some adults have data recorded on the system. Access to ImmTrac is strictly controlled and only authorized individuals would have been able to view the information uploaded. Under Texan law, written authorization must be obtained from the patient before any data is shared statewide ImmTrac users. The information started being transmitted on January 9, 2015 after a routine computer upgrade was performed. Russell Rian, a spokesperson for UTSW, said in a statement the transmission was the result of a “computer glitch.” At no point...
Metro Health System HIPAA Breach: Malware Claims 981 Victims
The MetroHealth System has announced it has suffered a HIPAA breach after malware was discovered on three of its computers. 981 medical records of patients who received cardiac catheterizations were potentially compromised in the attack. The MetroHealth System, a county operated non-profit healthcare provider based in Cleveland, Ohio, discovered on March 17 that malware had infected three Cardiac Cath Lab computers. The malicious software was removed the following day on March, 18. MetroHealth initiated an immediate investigation into the malware infection and potential data breach to determine how the software had been installed, the extent to which data had been compromised, the patients who had been affected and whether any data had actually been viewed or copied. While the malware was initially thought to have been successfully removed, the forensic investigation revealed the highly sophisticated nature of the software. Some days into the investigation, it was discovered that in addition to the malware, a back door had been created allowing the creator of the software full...



