Okay, here’s a breach report that had me scratching my head. See if this makes sense to you: a former Snelling Staffing employee tried to set up a cloud-based server at home and exposed employee information. But if s/he was a “former employee” at the time, why was s/he in possession of any employee information…
Month: April 2014
Another email gaffe leads to breach notifications, Tuesday edition
Today’s human error example comes from Willis North America, who reports that an employee accidentally attached a spreadsheet with employee information to an email reminding employees about earning wellness credits for the firm’s Medical Expense Benefits health plan. You can read more in their April 17th notification to the New Hampshire Attorney General’s Office. Update:…
Seattle University notifies students after learning of possible information exposure
Seattle University was contacted by a student who discovered that permissions for some folders in the university’s Microsoft Exchange folder system had been set incorrectly, allowing anyone with a university email address to gain access to the files in those folders. The university reports that 628 current and former students had personal information in those…
QCA Health Plan settles HHS charges stemming from laptop theft breach in October 2011
QCA Health Plan, Inc., of Arkansas, has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, agreeing to a $250,000 monetary settlement and to correct deficiencies in its HIPAA compliance program. On February 21, 2012, HHS received notification from QCA regarding a breach of…
Concentra Health settles HHS charges over 2011 laptop theft breach, to pay $1.7M
Concentra Health Services (Concentra) has agreed to pay OCR $1,725,220 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules, and will adopt a corrective action plan to evidence their remediation of these findings. The settlement stems from an incident on November 30, 2011 (previously reported…
Healthcare security stuck in Stone Age
Erin McCann reports: The new 2014 Verizon Data Breach Investigations Report highlights a concerning carelessness regarding privacy and security, specific to the healthcare industry. “They seem to be somewhat behind the curve as far as implementing the kinds of controls we see other industries already implemented,” said Suzanne Widup, senior analyst on the Verizon RISK…