Rogue insiders can go undetected for a long time….
So how are you determining if your Business Associate or vendor has a rogue employee who may be stealing or misusing your patients’ protected health information? A notification from Anthem regarding...
Nuance says majority of clients back online after Petya cyberattack
As Nuance continues to attempt to restore services following the Petya attack in June, it’s interesting to note their conclusion that this was not a reportable breach under HIPAA.
CNIL Fines Rental Car Company for Data Security Failure Attributable to...
Hunton & Williams explain: On July 27, 2017, the French Data Protection Authority (“CNIL”) imposed a fine of €40,000 on a French affiliate of the rental car company, The Hertz Corporation, for...
AU: Blood Service escapes penalties in data breach investigation
Allie Coyne reports: The Australian Red Cross Blood Service and its website contractor have escaped penalties from the country’s privacy watchdog over a 2016 data breach that exposed the data of...
Surgical Dermatology Group notifies patients after TekLinks hacked
From their web site: On June 7, 2017, Surgical Dermatology Group in Birmingham, Alabama (“SDG”) received notice from its cloud hosting and server management provider, TekLinks, Inc., of a security...
US Voting Machine Supplier Leaks 1.8 Million Chicago Voter Records
Dell Cameron reports: A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents. State authorities and the...
UK: Anonymous hacker claims to have stolen the NHS medical records of...
Shaun Wooler reports: A computer geek with alleged links to global hacking group Anonymous has stolen patient data from an NHS appointment booking system. The crook breached a private contractor’s...
AU: OAIC investigating Flight Centre customer data leak
Allie Coyne reports: Travel agency Flight Centre is under investigation by the country’s privacy regulator after accidentally releasing personal information of an undisclosed number of its customers to...
Thousands of Security Firm Job Applications Citing Top Secret US Government...
Dell Cameron reports: Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon...
Access Group notifies borrowers of data security incident
It’s not just edtech vendors students need to watch out for when it comes to privacy and data security. Vendors that help process student loans may also put you at risk, as this notification from...
Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million...
Paul Farrell reports: The Commonwealth Bank lost the personal financial histories of 12 million customers, and chose not to reveal the breach to consumers, in one of the largest financial services...
MAXIMUS notifies 3,029 patients after Business Ink mailing error exposes PHI
The following was the notification MAXIMUS sent out on April 17 and that they kindly provided to this site today. There was also a Spanish-language version: MAXIMUS today notified approximately 1,100...
Capital Digestive Care patient data exposed by vendor error
Sometimes by the time a notification appears on a state breach notification site, I’ve forgotten whether I ever reported it or not. Case in point: Capital Digestive Care in Maryland. I knew about it...
FastHealth breach still first being disclosed to some clients’ patients
Ugh. The FastHealth breach is still dripping out with yet more people first being notified. This time, it’s Cullman Regional. There’s no provision in HITECH (at least as far as I know) that would...
Remember your baby’s newborn pictures? They may still be online.
“I would like to tell you about something, but could you keep my name out of it?” That’s how so many of my investigations begin these days – with a request to protect the identity of independent...
Data breach affects nearly 900 patients from two San Francisco hospitals
Catherine Ho reports: The personal information of nearly 900 patients of San Francisco General and Laguna Honda hospitals was breached after a former employee of one of the hospitals’ vendors got...
Mississippi State Ed Dept. says contractor failed to provide test results on...
Questar Assessment, who has been named in about half a dozen posts on this site in 2018 already, makes the news again, it seems. Now Kayleigh Skinner reports: The Mississippi Department of Education...
Mason Law Office notifies clients of hack involving mycase.com
So for a law firm, I would think this would be a really bad breach to have to disclose. Mason Law Office in Sacramento sent a copy of their notification to the California Attorney General’s Office....
More than 200,000 patients’ records were exposed on MedEvolve’s public FTP...
Common sense dictates that patients’ protected health information should not be made freely available on FTP servers that have no login required. And yet it still happens, and has happened again....
SimplyWell (Viverae) notifying Lincoln Electric System employees of...
It’s been a while since I’ve noticed a third-party breach of a wellness vendor, but here we go, it seems. SimplyWell (“Viverae”) works with Healthbreak, who provides wellness services to the firm in...