Hack Notice: An old HIPAA incident rears its very ugly head again

Like other journalists who cover data breaches in the healthcare space, I routinely check HHS’s public breach disclosure tool (sometimes called “The Wall of Shame”) to see what breaches have been reported to them and with what numbers. One of the recent entries was from a “Stephan C. Dean” who listed himself as a business associate in California. The breach reportedly involved 70,000 patients and was described to HHS as a “Hacking/IT Incident” where the protected health information had been located on “Desktop Computer, Electronic Medical Record, Email.”

Because I suspect my fellow breach reporters are wondering about this one, I’ll try to explain what it’s about — at least as far as I understand it.

Beginning in July, 2012, the Los Angeles Times and this site reported on a business dispute involving Kaiser Permanente and its business associate, Surefile Filing Systems. Surefile is owned by Stephan Dean and his wife, Liza. The conflict involved the return of all records to Kaiser after Surefile had performed work for them. While Surefile had returned the paper records and Kaiser believed that ALL records had been returned to them, they subsequently learned that Surefile remained in possession of emails that contained patient information — not patient medical records, but spreadsheets and information about patients that had been transmitted to Surefile as part of the work they had done for Kaiser. In some cases, that information also included patients’ Social Security numbers.

A confidential resolution that was reached in March, 2011 ultimately fell apart. Dean informs this site that although Kaiser offered him $250,000 and a new settlement agreement if Surefile would turn over their computers and give Kaiser access to their email accounts, Dean wanted $600,000.
In early 2012, Dean filed a complaint against Kaiser with HHS, claiming that they sent him unencrypted emails containing ePHI, and had violated HIPAA in other ways as well. He also claimed that the privacy and security of ePHI on his computer may have been compromised by some viruses. The following year, HHS would notify Kaiser that it was opening an investigation into the complaint.

In the fall of 2012, unable to get the computer and emails by agreement with Dean, Kaiser Permanente sued the Deans (complaint). From filings this site has seen, their case did not go well for them and they decided to dismiss it.

To add to Kaiser’s losing record in the conflict, the California Department of Health allegedly investigated Kaiser and made them follow a corrective action plan. The only break Kaiser Permanente seemed to catch in this instance during that time was that HHS closed their investigation without further action or any penalty, even though Kaiser had not had a proper business associate agreement in place with Surefile before it turned over patient records to them. The OCR letter provides a good summary of the conflict and where things stood as of September, 2013.

But even after dismissing their civil suit, Kaiser didn’t give up on trying to get those email files. In February, 2014, the FBI raided Surefile and seized all their computers and devices. In 2017, the authorities returned the devices to Surefile without wiping them because no charges were filed against the Deans or Surefile.

So the Deans still had all those unencrypted emails on their computer which, by their own prior statements, may have previously been compromised by viruses, and was not being kept in a particularly secure facility. They tell DataBreaches.net that they repeatedly tried to get Kaiser to help them encrypt the emails, but that Kaiser wouldn’t help them. The Deans’ request was not without strings, it seems.
Uninvolved third parties looking at the history and correspondence might understandably think that the Deans were trying to shake Kaiser down for more money, although Dean denies that they are doing anything of the sort.

Then in August, 2019, Microsoft informed Surefile (and many others) of a breach.

From: Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
Sent: Tuesday, August 20, 2019 9:32 PM
To: surefile@msn.com <surefile@msn.com>
Subject: Microsoft account security alert

Microsoft account
Security alert

We think that someone else might have accessed the Microsoft account su*****@msn.com. When this happens, we ask you to verify your identity with a security challenge and then change your password the next time you sign in.

If someone else has access to your account, they have your password and might be trying to access your personal information or send junk email. If you haven’t already recovered your account, we can help you do it now.

Recover account <https://account.live.com>

Learn how to make your account more secure <http://go.microsoft.com/fwlink/?LinkID=263818>.

Thanks,
The Microsoft account team

Dean obtained the IP address of the unauthorized individual who accessed his account and contacted Kaiser to inform them of the possible breach involving patient information still on his computer. And he informed them that if they did not make notifications, he would be obligated to. Dean sent Kaiser a sample of the unencrypted data that still resided on his computer. And once again, Dean tried to get a new settlement agreement — one that would supersede the one that had been signed in March, 2011.

Kaiser responded to Dean’s notification by asking numerous questions to help them determine whether this would be a reportable breach under HIPAA and HITECH.
Dean did not give them the answers, claiming it required a forensic expert to determine and he would make the computer available if there was a letter of intent concerning a new agreement. And yes, it would involve some payment to the Deans.

In January, 2020, counsel for Kaiser Permanente wrote to Dean:

As previously stated in numerous communications over the years, KP is willing to engage a third party forensic IT consultant to wipe the Deans’ computers, disks, drives, phones, and email accounts that contain any and all PHI and saved either locally or remotely at no cost to the Deans if the Deans are unable to wipe their devices and email accounts themselves. If the Deans want to avail themselves of this offer, then […]
