The NYC Health and Hospitals Corporation is providing some powerful reminders of the importance of auditing and monitoring employee emails. Last month, I noted that they had detected breaches involving patients at Bellevue Hospital and Jacobi Medical Center. On June 1, HHC notified HHS of yet another email-related breach, this one involving Metropolitan Hospital Center….
Category: Breach Incidents
Laptops stolen from National Seating and Mobility contained some patient information
National Seating and Mobility notified the New Hampshire Attorney General’s Office on June 12 of an incident that occurred on April 14, 2015 when two laptops, a smartphone, a backpack, and a briefcase were stolen from two employees’ locked work vans in Atlanta, Georgia. The incidents were immediately reported to the police and NSM was…
Arizona state agency website hacked to display Muslim message
On June 10, Mary Jo Pitzl reported: A group that calls itself the Middle East Cyber Army hacked into the Arizona Department of Weights and Measures website over the weekend, the second known attack on an Arizona site. MECA also hacked into the site of Art and Sol, a Scottsdale-based group that produces children’s musical…
NH: Stolen laptop contained student information from Monadnock Regional School District
On June 5, Monadnock Regional School District nofitied the New Hampshire Attorney General’s Office that a laptop stolen from an employee’s residence contained unencrypted information on 54 students. The employee was authorized to take work home. Reading further into the letter, however, it appears that the laptop was stolen from the employee’s vehicle, not their…
Rogue Equifax employee improperly accessed Rite Aid employees’ information
Pharmacy giant Rite Aid receives online paystubs, W-2s, and self-service applications from Equifax. In early March, Equifax notified Rite Aid that it had detected suspicious activity on some Rite Aid employee accounts. Equifax’s investigation resulted in a subsequent notification to Rite Aid on April 30 that an employee had misused their privileged access to reset…
San Luis Obispo County Community College District notifies employees of breach
On May 31st, Cuesta College sent a notification letter to employees, a copy of which was provided to the California Attorney General’s Office. It reads, in part: It has come to the attention of the San Luis Obispo County Community College District (“the District”) that on May 31, 2015 a District employee gained unauthorized access to the District’s employee database…