Posted on 09/12/2020 4:11:55 AM PDT by NautiNurse
TAMPA (WFLA) - Moffitt Cancer Center is notifying patients that a briefcase containing personal patient information was stolen from a physician’s car in July.
According to the cancer center on July 4, Moffitt learned about the potential breach that affected over 4,000 patients.
The briefcase contained two personal storage devices, which were not encrypted, and printouts of clinical schedules, according to a patient notice posted Sept. 2 on Moffitt’s website. The information included patient names, dates of birth, medical record numbers and some information about what kind of medical treatment those patients received at Moffitt.
Moffitt says patients’ social security numbers and financial information were not affected.
The information stolen involves certain patients who received care through the Blood and Marrow Transplant Department.
In an abundance of caution, Moffitt began mailing letters Sept. 2 to affected patients, encouraging them to review all statements from their health care providers and to verify all services.
Neither here nor there, but interesting nonetheless. I was setting up an appointment with a skin doctor to do a cancer screening and other issues. While I was on the phone with the nurse I got a text notification. It was from a lawyer and said that if I had been diagnosed with skin cancer to call this number. This is not the first time I have mentioned something on the phone and suddenly been inundated with ads for that thing.
Creepy.
One similarity—companies with data breaches all wait many months before notifying those affected.
I’m wondering if this is an organized effort and more medical providers have either been hit or targeted...
Nuvance Health announces third-party data breach
And check this one out. Constituent data?!
MUSC impacted by Blackbaud data breach
Just checked since the enemdiot couldn't be bothered to tell readers: MUSC is Medical University of South Carolina. Constituent data?! Anyway, that's another one.
Pardon my spelling errors.
Just did a search for the keywords data, breach, patient.
Holy cow. Yup, there have been a lot of them recently.
They have 90 days to publicly disclose but only 72 hours to report to law enforcement. This stuff happens all the time in healthcare.
I was on the phone with the nurse. I said, “diagnosed...skin cancer”. Moments later got lawyer’s ad with same words.
Are you saying you did not search for skin cancer and/or the physician on the internet before contacting the provider?
At this point in the 21st century, nobody should be transporting unsecured patient health data. Particularly electronic storage in a car in sweltering Florida in the summer. Too many stupid details to count.
That is correct.
Received mail dated 2 Sept 2020 from my local hospital where I’ve spent too much time this past decade.
“...we recently learned that we are one of the more than 200 organizations impacted by a data breach at Blackbaud, Inc, a third party software company used for our fund raising records...Blackbaud recently informed us that they discovered and stopped a ransomware attack in May.” (The attacker was able to remove a back up file)
Gee, thanks guys for informing in third quarter of second quarter of cyber ransom/data breach. Johnny on the spot!
There’s this nagging feeling that maybe a company called BlackBaud might not be up to snuff...but that’s just me.
The doctor is too stupid to be trusted with patient care.
I doubt anyone would disagree with you, but despite all of the “paperwork reduction” garbage of the last 20 years, patient charts are still stored on paper in many places. Healthcare workers are some of the most notorious for working around IT security policies, and most healthcare IT shops let it slide, because doctors are the income generators for healthcare organizations, and if they’re inconvenienced, they’re often the squeakiest wheels. You just simply don’t tell a doctor “no” without reaping a shitstorm.
Shielding the physician name from public notification supports the failure to protect personal patient info. A HIPAA fine would be appropriate here too. Public shame and pocketbook hit from outside the facility would have more influence. The minimum HIPAA fine is $100 per violation, up to $25,000.
At the very least, careless. Who wants a careless doctor?
Actually, upon reflection, probably arrogant rather than stupid. Rules are for peons. He’s too important to be bound by the rules. He SAVES LIVES. (Except for when he doesn’t).
A fine 3x the new price of his car and 6 months cleaning bed pans and mopping hospital floors might be the appropriate response.