You also don't know if the records were tampered with. The fact that they were
able to encrypt them shows that they had the capability to tamper with them.
It's not a likely attack (too much money to be made with the simple approach),
but it's possible.
David Lang
On Thu, 13 Nov 2014, Morgan Blackthorne wrote:
My thought would be that if something got into the setup enough to encrypt
the files, it could have also transmitted them.
On Nov 13, 2014 1:56 PM, "Bill Bogstad" <bogs...@pobox.com> wrote:
On Thu, Nov 13, 2014 at 7:42 PM, Tracy Reed <tr...@ultraviolet.org> wrote:
On Thu, Nov 13, 2014 at 10:11:28AM PST, Morgan Blackthorne spake thusly:
I'd be wondering if HIPAA requires him to disclose the breach to his
clients since it is medical information.
Yes.
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/
But if he didn't even have separate backups I doubt he will be overly
concerned about this. For better or worse, odds are DHHS will never know
about it unless one of his patients reports him so likely nothing will
come of it.
I'm not so sure. If the data was encrypted in place (never left his
systems) then it was never disclosed to inappropriate parties and my
reading of that link is that this would not be considered a breach.
Not that this would make me happy as a patient...
Bill Bogstad
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/