It's well known that lost or stolen unencrypted computing devices account for the majority of large health data breaches. But a new report from the Department of Health and Human Services shines a light on how frequently breaches - especially smaller ones - involve paper records.
The total number of employees affected by a breach of financial information at the University of Pittsburgh Medical Center has more than doubled to 62,000 in a case that's resulted in federal income tax fraud and triggered lawsuits.
Local police are investigating a breach involving inappropriate access to about 600 patients' records by a former employee at ProMedica Bay Park Hospital in Oregon, Ohio. Find out what information was exposed.
The federal tally of major health data breaches has hit a new milestone; it now lists more than 1,000 incidents affecting 500 or more individuals. Experts weigh in on the lessons to be learned from the details of these breaches.
As federal regulators weigh changes in the requirements for the HITECH Act electronic health record financial incentive program, it's essential that they adequately address privacy and security issues.
The recent discovery of malware on a server storing health data used for research has prompted Kaiser Permanente to contact 5,100 patients about a potential privacy breach. The malware infection went undetected for more than two years.
At a Senate hearing, GAO previewed a report that shows cyber-incident response shortcomings at federal agencies. And the FTC chair asked Congress for broad authority in enforcing a federal data breach notification law - if one is enacted.
More than 30.6 million individuals have been affected by major healthcare data breaches since 2009, the latest federal tally shows. Some security experts predict breach trends will shift, with business associates being implicated more often.
In this week's breach roundup, read about the latest incidents, including the University of California San Francisco reporting its third data breach in the last six months involving the theft of computers containing patient information.