Phishing in the Wrong Pond
Have you heard the one about the company that decided to plan a “Phishing trip” for their employees? Back in 2016, Atlantic Health System circulated a juicy email, promising employees a raise if they would simply respond with some key verification information. The information included employee id, date of birth, and home zip code. Roughly... Continue reading
Hurricanes and HIPAA
The HIPAA Privacy Rule was never intended to hinder life-saving missions, or efforts to ensure public health and safety.
Physical Safeguards for HIPAA, Part 2: Workstation Use
In part 1 of this series, we learned that a laptop containing sensitive, protected health information (PHI) was stolen from the car of a West Virginia Health System employee. To make matters worse, the hard drive containing PHI was unencrypted, leaving the data open to access by unauthorized users. While unfortunate, the occurrence does serve to highlight... Continue reading
Physical Safeguards for HIPAA, Part 1: Facility Access
A recent, potential breach of protected health information (PHI) – including social security numbers, financial information, and medical data – was reported by a major health system in West Virginia. The cause? A stolen laptop, taken from an employee’s car. Despite equipping the laptop with security tools (including password protection), the health system failed to... Continue reading
