DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Fairfax County Notice: Unauthorized Vendor Release of Personal and Medical Information

Posted on December 16, 2014 by Dissent

Fairfax County, Virginia issued the following release yesterday about a breach that does not appear on HHS’s public breach tool and that was not previously known to this site. They say a total of 595 individuals were affected, but the number whose PHI were involved was not specified: 

Since a 2012 unauthorized data release by the third party vendor, Meridian, managing its multi-function devices used for scanning, faxing and printing documents, Fairfax County Government has contacted, or attempted to contact, individuals impacted by the disclosure of electronic protected health information (ePHI) and personally identifiable information (PII) exposed to the Internet.

Notification letters have been mailed to all with available contact information. This notice is being published to locate current contact information for:

  • 47 individuals whose PII was exposed.
  • 33 individuals whose ePHI was exposed.

In May 2014, Fairfax County Government discovered that data from multi-function devices was exported by a county contractor, Meridian, from an on-site county server to an Internet-accessible server owned and maintained externally by Meridian. This unauthorized export occurred in October 2012 by a Meridian technician responsible for supporting these multi-function devices and systems.

Fairfax County takes the circumstances surrounding this breach of personal and medical information very seriously and, upon discovering the potential data exposure, immediately took steps for remediation, mitigated further exposure and enforced security and data requirements with the vendor.

The export included a limited collection of documents that had been scanned on these multi-function devices by county personnel between approximately June 2010 and October 2012 and rejected by the system due to an error. The documents exposed on Meridian’s server included PII, such as Social Security numbers, driver’s license numbers and/or financial account numbers, as well as ePHI, on county employees and other individuals.

At Fairfax County’s request, Meridian agreed to notify all impacted individuals and provide free credit monitoring services. As a precautionary measure to safeguard an individual’s information from potential misuse, Meridian has partnered with Equifax to provide its 3-in-1 Alerts identity theft protection product to an impacted individual for one year at no charge.

Individuals who would like more information about this specific exposure of information may contact Meridian at:

  • Meridian
    5775 General Washington Drive
    Alexandria, VA 22312
    Phone: 571-282-2449, TTY 711

Individuals who require additional information concerning Health Insurance Portability and Accountability Act (HIPAA) patient rights may contact:

  • Fairfax County Government HIPAA Compliance Program
    12000 Government Center Parkway, Suite 527, Fairfax, VA 22035
    Phone: 703-324-4136, TTY 703-968-0217
    infosec@fairfaxcounty.gov

and/or

  • Secretary of the Federal Department of Health and Human Services (HHS)
    Office for Civil Rights, Region III
    U.S. Department of Health and Human Services
    150 S. Independence Mall West, Suite 372, Philadelphia, PA 19106-3499
    Phone: 215-861-4441, TTY 215-861-4440

Related:

  • Maintenance Note
  • CISA Alert: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
  • System Status Note
  • System Status Note
  • Fraudster's fake data breach claims should remind media to be careful what we report
  • "Pompompurin" taken into custody after violating conditions of pre-sentencing release on bond (1)
Category: Uncategorized

Post navigation

← Reeve-Woods Eye Center notifies 30,000 patients after malware discovered on computers
Banks: Park-n-Fly Online Card Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report