Report: Third-Party Breaches in the Healthcare Sector Are Nothing to Sneeze At
DataBreaches.net has reported on a number of breaches in the healthcare sector this year that involved third parties, so I thought that I’d try to compile them to see how 2016 was shaping up. The...
View ArticleMA: Codman Square Health Center notifies members after breach at NEHEN
Notice of breach of unsecured health information This is a notice for patients whose information is accessible through New England Healthcare Exchange Network (NEHEN). On July 13, 2016, Codman Square...
View ArticleNapa Valley Dentistry notifies patients after theft of server from storage...
A dental practice that purchased another dentist’s practice in 2012 finds itself having to notify their patients and his former patients after the theft of a server from a storage facility. In a...
View ArticleNewest OCR settlement highlights need to review and update Business Associate...
A newly announced settlement between HHS OCR and Care New England reinforces what DataBreaches.net and Protenus, Inc. have been trying to remind everyone of this week: pay more attention to your...
View ArticleUPDATE: 5,000 Marin Medical Practices Concepts patient records lost during...
In August, I noted a ransomware attack on Marin Medical Practices Concepts (MMPC), a business associate providing billing and EMR services to many physicians. The ransomware prevented the physicians...
View ArticleFeds rehire contractor linked to massive OPM data breach
Nicole Duran reports: The Obama administration has rehired an outside contractor that was partly responsible for what many think was the largest theft of personal information from the government in...
View ArticleUniversity of Central Florida police trace credit card fraud to restaurant...
Gabrielle Russon reports: UCF police have determined that a vendor whose restaurants had malware on its computers is the potential root of the spike in campus credit card fraud cases last month. The...
View ArticleAU: Attackers exploiting CBA health fund data breach
Allie Coyne reports: The not-for-profit health fund that services Commonwealth Bank staff is warning customers not to click on dodgy emails after attackers stole customer data from one of its...
View ArticleAU: Event Organizer Suffers Data Breach After Hacker Steals Mailing Lists
Catalin Cimpanu reports: Pont3, an Australian event organizer, revealed yesterday that an unauthorized party had gained access to its mailing list account and downloaded data about individuals that...
View ArticleSubcontractor error exposed Vermont Health Connect customers’ SSNs
AP reports: A security lapse earlier this summer has jeopardized the Social Security information of nearly 700 users of Vermont’s online health insurance marketplace. Vermont Public Radio reports...
View ArticleVendor’s employee stole W-4 forms for SIRF scheme
A case involving identity theft reported by the USAO for the Middle District of Alabama this week: A Phenix City, Alabama man was sentenced to 24 months in prison today for his role in a stolen...
View ArticleCurtis F. Robinson, M.D. notifies patients after ransomware attack on EMR...
From the press release, this appears to be the same ransomware incident that Marin Medical Practices Concepts previously reported. Both MMPC Prima Medical Foundation subsequently reported that 5,000...
View ArticleTX: Katy ISD notifies parents after third-party error by SunGard K-12
Shelby Webb reports: Katy ISD warned about 78,000 of its students and staff members that their personal data – including social security numbers, names and birth dates – may have been accessed during a...
View ArticleIndiana business associate providing employee benefits management notifies...
From their notification letter, which does not explain why it took 2.5 months for them to make notifications nor where the laptop was stolen: We are writing to inform you of a data security incident...
View ArticleIL: Mercy Hospital & Medical Center notifies patients after billing service...
From their substitute notice: On August 15, 2016, Mercy Hospital & Medical Center discovered that some medical billing information for a total of 547 patients was potentially exposed as a result of...
View ArticleSG: Fined for leaking 8,000 people’s personal data
K.C. Vijayan A printing firm hired by an insurance company sent erroneous account statements to policyholders that resulted in more than 8,000 people having their personal data leaked. The data breach...
View ArticleAustralia’s biggest data breach sees 1.3m records leaked
Allie Coyne reports: More than one million personal and medical records of Australian citizens donating blood to the Red Cross Blood Service have been exposed online in the country’s biggest and most...
View ArticleNZ: Novopay botch up creates security breach for school staff
From Fuseworks Media: Some schools have been sent the full payroll information of other schools this week in what appears to be a significant privacy breach by Novopay, the school payroll service. The...
View ArticleBusiness associate breach affected Greenville Health System patients
Back in July, Ambucor Health Solutions reported a breach to HHS that affected 1,679 patients. Their report, submitted as a Business Associate, was coded as “Unauthorized Access/Disclosure – Email,”...
View ArticleUK: Missing GP records in Essex, Norfolk and Suffolk ‘total 9,000’
Nikki Fox reports: More than 9,000 patients’ records in Norfolk, Suffolk and Essex have gone missing since a private firm took on transferring files, a BBC survey shows. Capita took on the national...
View Article