Idaho State University will pay $400,000 to the Department of Health and Human Services to settle alleged violations of the HIPAA Security Rule. The settlement comes after ISU’s Pocatello Family Medicine Clinic disabled server firewall protections for a period of at least 10 months, resulting in the breach of electronic protected health information for 17,500 patients.

A data entry error in March caused a data breach affecting 8,330 patients of Louisiana State University Health System in Shreveport.

North Carolina-based Piedmont Healthcare notified approximately 2,000 patients of a potential breach of their credit card information and other personal information, according to a May 16 Charlotte Observer story.

Another stolen laptop is the source of yet another data breach. A password-protected, unencrypted laptop was stolen from the care of an employee of Indiana University Health Arnett in Lafayette.

The Regional Medical Center in Memphis is notifying physical therapy patients of a HIPAA breach after an employee sent out three unsecure emails containing the protected health information and Social Security numbers of nearly 1,200 patients.

The University of Rochester Medical Center (URMC) suffered its third significant data breach after officials announced that one of its physicians misplaced an unencrypted USB drive containing the protected health information of 537 patients.

The William Jennings Bryan Dorn VA Medical Center in Columbia, S.C., faces a federal lawsuit following a breach that impacted more than 7,400 veterans. On Feb. 11, a laptop containing personal information--including names, birth dates and partial Social Security numbers--was stolen from the facility. The laptop was unprotected.

A revision to the federal government’s foundational computer security guide, also applicable to and used in the private sector, is available.