Despite top stories regarding ICD-10, interoperability and more, privacy and security dominated the headlines in the healthcare arena again this week.

Yet another massive data breach hit the news this week when New York insurer Excellus Blue Cross and Blue Shield announced a sophisticated cyberattack impacting 10 million patients.

Excellus discovered the attack on Aug. 5 and an investigation determined that it occurred on Dec. 23, 2013, according to a statement from Christopher Booth, the insurer's CEO.  The hackers are believed to have had access to customers' names, dates of birth, Social Security numbers, mailing addresses, telephone numbers, member identification, financial account information and claims information, which would likely include medical data.

In better news, a California court has found that UCLA Health System is not responsible for the unauthorized release of information from a woman's medical record. The decision saved the organization from having to pay the $1.25 million the plaintiff sought for emotional distress and invasion of privacy.

A romantic triangle led to an employee accessing the plaintiff’s records and revealing a sexually transmitted disease. The plaintiff accused UCLA of not doing enough to prevent unauthorized access of her medical records, including enabling a second form of security before the breach occurred. 

While I'm sure UCLA Health is happy about the outcome, the cost of fighting the suit could not have been insignificant.

Here's hoping for better news next week.

Beth Walsh

Clinical Innovation + Technology editor