Tagged: HIPAA

  • Geebo 8:00 am on September 15, 2021
    Tags: HIPAA

    Pharmacy data breach exposes millions of customers’ data 


    By Greg Collier

    When someone entrusts a billion-dollar company with their medical information, you might assume that they take security seriously. After all, HIPAA violations are no joke. The largest HIPAA fine so far was $18 million paid by a major health insurance company after they fell for a phishing attack, exposing client data in the process. So, say you’re the largest pharmacy chain in the nation. You’ve also tested countless customers for COVID-19. You must have some kind of impenetrable security in place to keep all that information private, right? Maybe not, according to security experts.

    A security consultant had his family tested for COVID-19 back in March at a local Walgreens. While getting his family’s test results, he discovered a flaw in Walgreens’ website that exposed customer information related to the COVID-19 tests. This information is said to have contained name, date of birth, phone number, address, and email along with other sensitive information. The consultant tried to get in touch with Walgreens to warn them about the flaw, but they allegedly ignored him. Tech news site Recode also investigated the flaw and notified Walgreens about it. Recode even gave Walgreens time to fix the vulnerability before they published their report, but according to Recode, the vulnerability still hasn’t been fixed.

    As of the time of this post, there has been no confirmation that any bad actor has come into possession of any customer information. However, that doesn’t necessarily mean they haven’t. If you used Walgreens for COVID-19 testing since July 2020, you may want to keep an eye on your credit report. This breach could be a potential treasure trove for identity thieves. The information could also be used by scammers to sound more legitimate since they have some personal details of your life.

     
  • Geebo 9:00 am on March 3, 2020
    Tags: HIPAA, medical privacy

    Major pharmacy leaks customer data 


    Out of all your personal information that could be potentially exposed, it’s probably your medical history that you would least want to be public knowledge. After all, your medical information is the most personal information you have. It’s so personal, in fact, that Congress passed a monumental law back in 1996 to better protect patient privacy. That law was the Health Insurance Portability and Accountability Act, otherwise known as HIPAA. The government has been known to level heavy fines against medical providers when patient privacy has been. One of the nation’s leading pharmacies may now be getting ready to be on the receiving end of one of those record fines.

    [youtube https://www.youtube.com/watch?v=FKTHncn-5Vs]

    Walgreens recently announced that their mobile app had a flaw that could have potentially exposed customers’ names along with the medication they’re taking and other health-related information. According to Walgreens:

    The bug allowed “a small percentage of impacted customers” to view one or more personal messages containing limited health-related info of other app users “between January 9, 2020, and January 15, 2020.”

    However, they say that no customers’ financial information has been released. That’s not to say that medical information can’t be used for nefarious purposes. In the past, medical information that was made public has been used to blackmail people.

    Walgreens is said to be sending letters to those affected in the breach, but they have also been quiet on the number of customers who have been affected. This isn’t the first time Walgreens has run afoul of HIPAA. In 2013, they were fined $1.4 million when a pharmacist inappropriately shared a customer’s medical data. Imagine how much the fine could potentially be now with a nationwide breach.

    Unfortunately, there’s not much a patient can do once their medical information is out in the wild. At best, they can sue the medical provider for damages, but once medical information falls into the wrong hands, it’s out there for good.

     
  • Geebo 8:06 am on July 2, 2019
    Tags: HIPAA, University of Chicago Medical Center

    Did a major hospital expose medical records to Google? 


    Last week, The University of Chicago Medical Center and Google had a class action lawsuit filed against them. The suit contends that when the Medical Center entered into a partnership with Google, it allegedly exposed hundreds of thousands of medical records to the search giant. At the heart of the lawsuit is the allegation that the medical records provided to Google contained identifiable patient information, which violates the Health Insurance Portability and Accountability Act, or HIPAA as it’s better known.

    [youtube https://www.youtube.com/watch?v=JY1l5s8ED5c]

    According to reports, The University of Chicago Medical Center entered into this partnership with Google in order to assist Google’s artificial intelligence researchers. The researchers are looking for a way to help doctors better diagnose patients with the help of AI. The medical records provided to Google were said to be stripped of all identifiable information, which is permitted under HIPAA. However, the lawsuit claims that the dates of service the patients were seen at the medical center were contained within the medical records. The law firm that has filed the suit states that Google could easily identify a patient with just the dates they were seen because of their knowledge of their users’ search histories.

    So is this a legitimate concern or is this a frivolous lawsuit filed by a paranoid patient? While theoretically it could be possible for Google to determine a patient’s identity through the records received and their own resources, it doesn’t make sense for them to do so. Google has an incalculable number of users and many of them don’t even sign into Google when using the service for search. It also makes no financial sense, as Google would not only be open to lawsuits like this but the wrath of the government as well. HIPAA violators tend to be fined very heavily and right now, the government and Google aren’t exactly on the best of terms. So until there is better evidence that Google acted maliciously, it appears that your medical records are currently safe.

     
  • Geebo 8:00 am on June 4, 2019
    Tags: HIPAA, quest diagnostics

    Giant medical lab bleeds patient information! 


    If you’ve ever had a blood test at your doctor’s office that they had to send to a lab, chances are that they may have sent it to Quest Diagnostics. Quest is one of, if not the, largest medical testing corporations in the country. Due to the sheer amount of testing and processing that Quest does, they must have their logistics down to a T to be able to handle so many patients. However, recent events have shown that even a well-oiled machine is vulnerable to breakdown.

    Within the past few days, it’s been reported that Quest has had a patient data breach on a massive scale. According to reports, close to 12 million patients have had their personal data exposed due to a billing vendor giving unauthorized access to an unidentified person. This information is said to have included financial information such as credit card numbers, medical information, and personal information. Quest claims that the results of any testing have not been exposed, but they have also notified law enforcement of the breach.

    [youtube https://www.youtube.com/watch?v=rycsBSVOQDk]

    Besides being a PR nightmare for Quest, this could end up being very costly for them as well. Under the Health Insurance Portability and Accountability Act, or HIPAA as it’s better known, the government could levy hefty fines against both Quest and their billing vendor for compromising such information. So far the largest HIPAA violation fine has been $5.5 million levied against a hospital that allegedly exposed over 100,000 patients’ information. With Quest and its vendor reportedly exposing the information of 12 million patients, we could sadly see a new record being set.

     