6 Healthcare Organizations Discover PHI Has Potentially Been Compromised
Six possible data breaches have been reported by healthcare organizations in the past few days that may have resulted in an impermissible disclosure of patient data. 8,701 patients are known to have been affected by the breaches. Harris Health System Notifies Patients About Potential Privacy Breach Houston, TX-based Harris Health System has notified 2,298 patients that some of their protected health information (PHI) has been exposed. On December 30, 2019, two envelopes were sent to Ben Taub Hospital to be scanned and archived in the Harris Health electronic medical record system, but the envelopes were lost in transit. The envelopes contained 143 sheets which are believed to include data from patients who visited Gulfgate Health Center for medical services between December 9, 2019 and December 27, 2019. The sheets contained information such as names, dates of birth, addresses, telephone numbers, test results, diagnoses, health insurance information, medical information, provider information, and Social Security numbers. Since it was not possible to determine which patients were...
Senators Demand Answers from Ascension About Project Nightingale as Google’s Response was Deemed Incomplete
Following the revelation that a considerable volume of patient data had been shared with Google by the Catholic health system Ascension, the second largest health system in the United States, a bipartisan group of Senators – Sen. Bill Cassidy, M.D., (R-LA), Elizabeth Warren (D-MA), and Richard Blumenthal (D-CT) – wrote to Google demanding answers about the nature of the agreements and the information the company received. Ascension operates 150 hospitals and more than 2,600 care facilities in 20 states and the District of Columbia and has more than 10 million patients. In November 2019, a whistleblower at Google passed information to the Wall Street Journal on the nature of the collaboration and claimed that patient data, including patient names, dates of birth, lab test results, diagnoses, health histories and other protected health information, had been shared with Google and was accessible by more than 150 Google employees. In response to the story, Google announced that the partnership, named Project Nightingale, was a cloud migration and data sharing initiative....
‘SweynTooth’ Vulnerabilities in Bluetooth Low Energy Chips Affect Many Medical Devices
12 vulnerabilities – collectively called SweynTooth – have been identified by researchers at the Singapore University of Technology and Design which are present in the Bluetooth Low Energy (BLE) software development kits used by at least 7 manufacturers of software-on-a-chip (SOC) chipsets. SOCs are used in smart home devices, fitness trackers, wearable health devices, and medical devices and give them their wireless connectivity. SoCs with the SweynTooth vulnerabilities are used in insulin pumps, pacemakers, and blood glucose monitors as well as hospital equipment such as ultrasound machines and patient monitors. It is not yet known exactly how many medical devices and wearable health devices are impacted by the flaws as manufacturers obtain their SoCs from several sources. Some security researchers believe millions of medical devices could be vulnerable. SoCs are used in around 500 different products. Hundreds of millions of devices could be affected. The vulnerabilities are present in SoCs from Cypress, Dialog Semiconductors, Microchip, NXP Semiconductors,...
Flaw in Walgreens Mobile App Secure Messaging Feature Exposed PHI
Walgreens has started notifying customers that some of their protected health information may have been accessed by other individuals as a result of an error in the personal secure messaging feature of the Walgreens mobile app. The secure messaging feature allows registered customers to receive SMS prescription refill notifications and deals and coupons. An undisclosed error in the app was identified that allowed certain information in its database to be viewed by other customers. Affected customers have been advised that one or more personal messages may have been viewed by other individuals between January 9, 2020 and January 15, 2020. The personal messages included patients’ first and last names, drug name and prescription number, store number, and shipping address. Walgreens said health-related information was only exposed for a limited number of affected customers. The messages did not include any Social Security numbers or financial information. According to a breach notice submitted to the California Attorney General on Friday, the error was detected by Walgreens on January...
Quest Diagnostics 2016 Data Breach Settlement Receives Final Approval
A federal judge has given final approval of a settlement to resolve a class action lawsuit filed against the New Jersey-based medical laboratory company, Quest Diagnostics Inc., over its 2016 data breach. The $195,000 settlement provides up to $325 compensation for each breach victim. On November 26, 2016 hackers gained access to the Care360 MyQuest mobile app that is used by patients to store and share their electronic test results and make appointments. The health app contained names, dates of birth, telephone numbers, and lab test results which, for some patients, included their HIV test results. 34,000 patients were affected by the breach. A class action lawsuit was filed on behalf of patients affected by the breach in 2017. The lawsuit alleged Quest Diagnostics had been negligent and failed to protect the sensitive data of app users. The lawsuit states, “Despite the fact that it was storing sensitive Private Information that it knew or should have known was valuable to and vulnerable to cyber attackers, Quest and its fellow Defendants failed to take adequate measures that...



