The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were
Data Breach
Last Two States Considering Passage of Data Breach Notification Laws
The last two states which have not passed data breach notification laws are Alabama and South Dakota. Sometimes we make jokes about these states as they are so late to the data breach notification table (California was the first state to pass a data breach notification law in 2002) and they seem not to care…
EDUCAUSE Challenges the US DOE’s Guidance on Data Breach Reporting
On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data. EDUCAUSE’s members include IT professionals from over 1,800 colleges and universities as well as other organizations.
First,…
MA AG Launching Online Data Breach Reporting Portal
Massachusetts Attorney General Maura Healey recently announced that her office will be launching a new online data breach reporting portal for companies to use to report data breaches to her office pursuant to the Massachusetts data breach notification statute.
The use of the portal is voluntary and does not relieve companies of their statutory obligations,…
Oklahoma State Hack Compromises Half a Million Records
Oklahoma State University Center for Health Sciences (OSUCHS) has notified 279,865 patients that their protected health information may have been compromised as a result of a hacking incident.
OSUCHS has determined that an unauthorized individual gained access to its system housing Medicaid billing information on November 7, 2017, but it is unable to determine whether…
Hancock Health Hit with Ransomware That Shuts Down Network
It has been predicted that the healthcare industry will continue to be lambasted with ransomware in 2018. It has also been predicted that attackers will move from taking sensitive information hostage to sabotage, service disruption, physical damage and malicious deletion or changes to the integrity of data. Unfortunately, the year has started off true to…
Ancestry.com Server Exposes 300,000 Email Addresses and Passwords
Ancestry.com has confirmed that RootsWeb, its free website for individuals to search genealogy, recently had a security vulnerability on its server that exposed a file containing the usernames, email addresses and passwords of 300,000 users. The compromise occurred in 2015.
According to Ancestry.com, most of the accounts that were compromised were from free trial or…
PayPal’s Canadian Payments Processing Company Suffers Breach
PayPal has acknowledged that TIO, the Canadian payments processing company that it acquired in July 2017 has suffered a data breach that compromised the information of up to 1.6 million users. TIO processes utility and other bill payments and has over 60,000 kiosks in North America.
PayPal suspended TIO’s operations in November as it “did…
Healthcare Data Breaches Continue but Fell in October
The news about data breaches always seems to be dire lately. Some good news: data breaches in the healthcare industry were lower in October than in September, based upon reportable data breaches to the Office for Civil Rights (OCR). Note that only breaches involving more than 500 records have to be disclosed to the OCR…
Cottage Health Pays $2M to CA AG for Data Breach
Cottage Health, a three hospital health care system located in California has agreed to pay the California Attorney General’s Office $2 million to settle allegations that it failed to implement data security safeguards to protect patients’ health information that was accessible online and indexed by search engines.
In December 2013, it was discovered that one…