This week, Huntsville Hospital in Alabama disclosed a breach involving their vendor, Jobscience. The breach affected those applying for employment with the hospital.
But Huntsville wasn’t the only hospital affected by Jobscience’s breach. In October, and flying under most media radar, Tallahassee Memorial Hospital in Florida disclosed that they had been contacted by Jobscience on September 26. In TMH’s case, the breach affected job applicants spanning March 2005 to August 2018, and may have included first and last name, home address, date of birth, social security number, email address, selected passcode for the application, security question and selected answer, and work history.
Because these breaches involve employees and not patients, we won’t see them on HHS’s breach tool.
DataBreaches.net has sent an email to Jobscience at Bullhorn to ask for more information on the incident and will update if more details are received.
Update Nov. 11: In researching this, I found that on October 31, Softpedia reported yet a third affected entity. From Jobscience’s notification to California:
On October 3, 2018, Jobscience, Inc. advised NorthBay that an unauthorized individual accessed NorthBay applicant information. Jobscience, Inc. is a contracted vendor that provides NorthBay with online employment application management system services. The access involved information pertaining to applicants that applied for a position with NorthBay between December 2012 and May 2018.
Jobscience, Inc. reported that this incident may have included your first and last name, home address, date of birth, email address, Social Security number, or alien registration number.
Update of Dec. 7. Add El Centro Regional Medical Center to the list of affected JobScience clients.