Home Health Care Privacy Briefs: April 2023 | Health Care Compliance Association (HCCA)

Privacy Briefs: April 2023 | Health Care Compliance Association (HCCA)

by Universalwellnesssystems

na

[author: Jane Anderson]

Patient Privacy Report Volume 23, Issue 4. April 2023

After Washington, DC’s health insurance marketplace, DC Health Link, was compromised, personal information of members of Congress and Congressional employees became available on the dark web.[1] In an internal memo sent to US House staff, House Chief Executive Katherine Spinder notified recipients of a “major data breach” and warned that their data may have been compromised. DC Health Link is working with forensic investigators, Szpindor said. The FBI has confirmed that account and personal information belonging to congressmen and employees was stolen, but they do not appear to have been specifically targeted in the attack. The FBI also believes the individuals who were selling the stolen information were unaware of its “high degree of sensitivity” at the time, but continued public disclosure of the incident ensures that it “certainly It will change,’ he said. According to CBS News, the personal information of at least 17 current or former lawmakers was exposed.[2] Rep. Joe Morrell (DN.Y.) said hundreds of congressional staffers may have had their personally identifiable information compromised as well. Morrell, the top Democrat on the House Executive Committee, said the committee had launched a violation investigation to gauge how many people working in Congress exposed classified information. DC Health Link said in a statement that the breach affected his 56,415 people. The organization said it had identified her two different groups of people affected by the breach.[3] Group 1 includes individuals whose information has been published on the dark web. DC Health Link said these individuals will be provided with her three years of free her ID and credit monitoring services. Group 2 includes individuals whose information is stored in the same manner as Group 1, but is not publicly available online. “These individuals have been notified with the utmost caution as we cannot assert that their information has been compromised as we have no evidence of access or download,” he said in a DC Health Link statement. All individuals in Group 2 will also be provided with 3 years of complimentary ID and credit monitoring services. At least two lawsuits have been filed against DC Health Link for violations and are seeking class action status.

Miami-based Independent Living Systems LLC (ILS) is a business associate of two Covered Entity subsidiaries that provide home and community-based programs to the highly complex member populations of the Medicare, Medicaid, and dual-eligible markets. Yes, and have reported a data breach. Up to 4.2 million people are affected, and 2023 will be the largest ever.[4] According to the company’s breach notice, on July 5, 2022, the company “experienced an incident in which it was unable to access certain computer systems on its network.” July 30, 2022 and July 5, 2022. During that time, unauthorized users could obtain some information stored on her ILS network and access and view other information. Information that may have been affected includes names, addresses, dates of birth, driver’s license numbers, state ID numbers, Social Security numbers, financial account information, medical record numbers, Medicare or Medicaid IDs, mental or physical treatment and condition information, including food. Shipping information, diagnostic code or diagnosis information, admission/discharge dates, prescription information, billing/billing information, health insurance information. Multiple lawsuits have been filed against ILS over data breaches.

A cancer patient whose nude medical photos and records were posted online by a ransomware gang has sued their healthcare provider for allowing a “preventable” and “seriously damaging” leak.[5] The proposed class action stems from a February hack in which ransomware group BlackCat compromised one of Lehigh Valley Health Network’s (LVHN) doctors’ networks. BlackCat stole images of patients undergoing radiation therapy and other highly sensitive health records belonging to more than 75,000 people, demanding ransom payments to decrypt the files and prevent them from being posted online. I requested. BlackCat explicitly warned it would release nude photos of its patients. LVHN refused to pay the ransom, and in March BlackCat began leaking patient information. This included shirtless images of at least two of her breast cancer patients. At the time, an LVHN spokesperson issued a statement saying, “LVHN condemns this despicable act.” According to the complaint,[6] The plaintiff, identified as “Jane Doe,” was unaware that LVHN had stored nude photos of her. Plaintiff said she learned about the images from a phone call: March 2023 6, Mary Ann LaRock, LVHN’s vice president of compliance, contacted the plaintiff by phone, advising her that nude images of her taken during radiation treatments had been posted on the dark web by hackers. Apologizing to the plaintiff and laughingly offering a two-year credit check, Mr. LaRock gave the plaintiff his home address, email address, date of birth, Social Security number, health insurance company, medical diagnosis/treatment information, medication, She notified her that confidential information, including test results, was stolen in the data breach, in addition to the now-public photos of her undergoing breast cancer treatment.

UC San Diego Health will provide patients with information about how Solv Health, one of its business associates, uses analytics tools commonly known as pixels on its emergency care and express care clinic booking website, and those tools capture information We are notifying you that we have sent it to a third-party tool provider. . Solv Health hosted and managed UC San Diego Health’s scheduling website in five locations. Anyone who booked an in-person or video visit using the schedule website between September 13th and December 22nd, 2022 may have been impacted. According to UC San Diego Health, the tool may have collected first and last name, date of birth, email address, IP address, third-party girlfriend cookies, reason for visit and type of insurance. The health system said these he has transitioned to a new online scheduling tool for five clinics.[7]

Telehealth startup Cerebral shares personal health information, including mental health ratings, of more than 3.1 million patients in the U.S. with advertisers like Facebook, Google and TikTok via pixels embedded in their websites. He said he shared it with a social media company. In its breach notice, Cerebral said it has been using tracking technology since it went live in October 2019. We recently determined that we disclosed protected health information to third parties and some subcontractors. The information disclosed varied, but may have included names, phone numbers, email addresses, dates of birth, IP addresses, Cerebral client ID numbers, and other demographic information. An individual who has completed a portion of Cerebral’s online mental health assessment may also have disclosed the services selected by the individual, the assessment responses, and certain relevant health information. Individuals who purchase subscription plans from Cerebral also disclose subscription plan type, appointment date and other appointment information, treatment and other clinical information, health insurance/pharmacy benefit information, and insurance copays. there is.[8]

Oregon’s health system, Asante, has notified some patients that local physician Dr. Paul Hoffman improperly accessed patient records for nine years beginning in 2014. “Asante’s investigation indicates that Dr. Hoffman accessed the records out of curiosity and not for fraudulent purposes,” the health system said in a statement. “Asante does not believe that potentially affected patients should take any action in response to this incident, and does not believe this incident increases the risk of identity theft. No,” Asante said Hoffman did not have access to the patient’s social security number, driver’s license number, or banking information. The health system said it reported Hoffman to the Oregon Medical Commission.[9]


1 C. Mandler, “DC Health Link User Data Sold on Dark Web After ‘Major’ Breach,” CBS News, 8 March 2023, Available here. https://cbsn.ws/3Kpp5li.

2 Scott MacFarlane, “Confidential Information of At Least 17 Members of Congress Leaked in Data Breach,” CBS News, 21 March 2023, Available here. https://cbsn.ws/3lUMVfA.

3 DC Health Link, “Data Breach: An Update on Incident Response” https://bit.ly/42WeKEQ.

Four Independent Living Systems, LLC, Data Event Supplemental Notice, 14 March 2023, Available here. https://bit.ly/3Ga3fA1.

Five Jessica Lyons Hardcastle, “Cancer patient sues hospital after ransomware gang leaks nude medical photos” register15 March 2023, https://bit.ly/40Q6g0e.

6 Jane Doe v. Lehigh Valley Heath Network, Inc., Lackawanna County, Pennsylvania, Case No. 23CV1149, filed March 13, 2023, https://bit.ly/3lZlqBn.

7 UC San Diego Health, “UC San Diego Health Notifies Patients of Vendor Data Collection Issues” UC San Diego today16 March 2023, https://bit.ly/3lXAKhQ.

8 Cerebrum, “HIPAA Privacy Breach Notice,” accessed April 3, 2023, https://bit.ly/3nCgK4Z.

9 Derek Strom, “Asante Notifies Patients of Potential Breach of Privacy,” KOBI5.com, 7 March 2023, Available here. https://bit.ly/3K6rfVE.

[View source.]

You may also like

Leave a Comment

The US Global Health Company is a United States based holistic wellness & lifestyle company, specializing in Financial, Emotional, & Physical Health.  

Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Copyright ©️ All rights reserved. | US Global Health