Privacy Briefs: July 2019

By Jane Anderson

The Food and Drug Administration is warning patients and health care providers about cyberthreats from using certain Medtronic insulin pumps, which have been recalled. Security researchers found vulnerabilities in some Medtronic MiniMed insulin pumps that could enable unauthorized users to connect wirelessly to a nearby pump. This could allow a hacker to alter or stop the insulin delivered to the patient. The specific pumps recalled were Medtronic’s MiniMed 508 and the MiniMed Paradigm series insulin pumps. Medtronic wrote in a letter to users that it recommended switching to a different type of insulin pump. In addition, it recommended taking additional security steps, including making sure all devices related to the pump were kept in patients’ sight at all times, and monitoring blood sugar levels closely. Read more at https://bit.ly/2L4Ftug.

The health care industry does not have an accurate picture of the sensitive data it acquires, maintains and transmits, according to the results of a survey conducted by Integris Software. The survey of business executives and IT decision makers at mid- to large-sized companies found that most organizations expressed overconfidence in their technical maturity. Despite the health care industry’s history of stringent privacy regulations, it has the second-largest number of cybersecurity breaches when measured across industries, and the highest exposure per breach in 2018, the survey found. More than half of respondents said they needed to access 50 or more data sources to get a defensible picture of where their sensitive data resides, the survey found, even though 70% of respondents said they were “very” or “extremely” confident in knowing where sensitive data resides. Access the survey at https://bit.ly/2YLyYjj.

An online database of more than 5 million records apparently belonging to the website MedicareSupplement.com was left open and accessible to the public, according to UK-based security firm Comparitech Limited. The database appeared to be part of the website’s marketing leads database, Comparitech says. Records exposed contained full names and addresses, email addresses, dates of birth, genders, and marketing-related information. Around 239,000 records also indicated interest in a particular area of insurance—for example, cancer insurance. Data was spread around several categories, including life, auto, medical and supplemental insurance. The IP address of the database first was accessed on May 10 by public search engine BinaryEdge. MedicareSupplement.com disabled access as soon as it was notified. Get the details from Comparitech at https://bit.ly/2XzGqN2.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings