Archives: Data Breach

Paper Records Still Problematic for Healthcare Providers

Data breaches continue to be an issue for healthcare providers, as indicated when looking at breaches reported to the Office for Civil Rights (OCR), as required by HIPAA. In the first three months of 2018, there were 77 breaches of protected health information (PHI) reported to OCR, which included more than one million patient records. … Continue Reading

Former Employee of SunTrust Lifts 1.5 million Customers’ Information

SunTrust Banks Inc. (SunTrust) recently notified 1.5 million customers that information, including their names, addresses, telephone numbers, and account balances, was taken by a former employee. Curiously, although SunTrust indicated that no customer Social Security numbers or driver’s license information were included in the information lifted by the former employee, it is offering free identity … Continue Reading

Blue Shield of California Notifies Insureds of Disclosure of PHI to Insurance Broker

According to a notification letter sent to an unknown number of patients, Blue Shield of California (Blue Shield), “shared” the protected health information of members with an insurance broker who was not supposed to receive it. Apparently a Blue Shield employee sent the information via an email to the broker during the 2018 Medicare Annual … Continue Reading

Busy Data Breach Week

Unfortunately, it was another busy data breach week. Here’s a summary of the major ones. Delta Airlines admitted in a statement that the payment card data of several hundred thousand customers might have been compromised by malware between September 26 and October 12, 2017, through a third-party vendor ([24]7.ai that provides online chat services to … Continue Reading

Improper Data Sharing With Cambridge Analytica May Affect 87 Million Facebook Users

Facebook reports that the personal data of 87 million Facebook users, mostly located in the United States, “may have been improperly shared” with British data analytics firm Cambridge Analytica. Previous estimates put the possible scope of improper sharing at about 50 million users. The increased number was calculated by Facebook by totaling the friends of … Continue Reading

Oregon Strengthens Data Breach Reporting Law

Oregon Governor Kate Brown recently signed a new data breach reporting law (S. 1551) that toughens the state’s existing requirements. The new law requires companies to notify individuals within 45 days after a data breach has been discovered, unless a delay in notification is requested by law enforcement. It expands the definition of personal information … Continue Reading

Orbitz Confirms Breach of Travel Records and Credit Card Information of 880,000 Individuals

Orbitz, the travel booking entity that is owned by Expedia, has confirmed that it has “identified and remediated a data security incident affecting a legacy travel booking platform.” This means that one of its older websites that are used by customers to book their travel plans was hacked. The statement says that Orbitz uncovered evidence earlier … Continue Reading

Verizon Protected Health Information Data Breach Report Concludes that Insiders Are Greatest Threat to Health Care Entities

Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents involving the health care sector, 58 percent of the incidents were caused by insiders and 42 percent were caused by external threats. Insider threats can … Continue Reading

473,807 Patient Records Compromised in January, 2018—83 Percent Caused by Hacking Incidents

The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were … Continue Reading

EDUCAUSE Challenges the US DOE’s Guidance on Data Breach Reporting

On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data. EDUCAUSE’s members include IT professionals from over 1,800 colleges and universities as well as other organizations. First, … Continue Reading

MA AG Launching Online Data Breach Reporting Portal

Massachusetts Attorney General Maura Healey recently announced that her office will be launching a new online data breach reporting portal for companies to use to report data breaches to her office pursuant to the Massachusetts data breach notification statute. The use of the portal is voluntary and does not relieve companies of their statutory obligations, … Continue Reading

Oklahoma State Hack Compromises Half a Million Records

Oklahoma State University Center for Health Sciences (OSUCHS) has notified 279,865 patients that their protected health information may have been compromised as a result of a hacking incident. OSUCHS has determined that an unauthorized individual gained access to its system housing Medicaid billing information on November 7, 2017, but it is unable to determine whether … Continue Reading

Hancock Health Hit with Ransomware That Shuts Down Network

It has been predicted that the healthcare industry will continue to be lambasted with ransomware in 2018. It has also been predicted that attackers will move from taking sensitive information hostage to sabotage, service disruption, physical damage and malicious deletion or changes to the integrity of data. Unfortunately, the year has started off true to … Continue Reading

Ancestry.com Server Exposes 300,000 Email Addresses and Passwords

Ancestry.com has confirmed that RootsWeb, its free website for individuals to search genealogy, recently had a security vulnerability on its server that exposed a file containing the usernames, email addresses and passwords of 300,000 users. The compromise occurred in 2015. According to Ancestry.com, most of the accounts that were compromised were from free trial or … Continue Reading

Henry Ford Health System Notifies 18,000+ Patients of Health Data Breach

On December 6, 2017, Henry Ford Health System (HFHS) disclosed that health information of 18,470 patients may have been viewed or stolen. HFHS became aware of the incident on October 3, 2017 after employee credentials were accessed or stolen. According to a statement published on HFHS’ website, Social Security numbers and credit card information were … Continue Reading

Cottage Health Pays $2M to CA AG for Data Breach

Cottage Health, a three-hospital health care system located in California, has agreed to pay the California Attorney General’s Office $2 million to settle allegations that it failed to implement data security safeguards to protect patients’ health information that was accessible online and indexed by search engines. In December 2013, it was discovered that one … Continue Reading

North Carolina DHS Notifies 6,000 of Data Breach of Drug Testing Information

The North Carolina Department of Health and Human Services has notified close to 6,000 individuals that a spreadsheet containing the names, Social Security numbers and test results for routine drug testing for employment, internships and volunteer opportunities was sent via an unencrypted email to a vendor in error. Misdirected emails are a frequent occurrence and … Continue Reading