Software updates are an all-too-common source of breaches. Here’s another one, this involving Blue Shield of California. From their notification to the California Attorney General’s Office: As the (unintended) result of a computer code update Blue Shield made to the website on May 9, three users who logged into their own website accounts simultaneously with…
Category: Breach Incidents
NY: Metropolitan Hospital Center notifies almost 4,000 patients of breach
The NYC Health and Hospitals Corporation is providing some powerful reminders of the importance of auditing and monitoring employee emails. Last month, I noted that they had detected breaches involving patients at Bellevue Hospital and Jacobi Medical Center. On June 1, HHC notified HHS of yet another email-related breach, this one involving Metropolitan Hospital Center….
Laptops stolen from National Seating and Mobility contained some patient information
National Seating and Mobility notified the New Hampshire Attorney General’s Office on June 12 of an incident that occurred on April 14, 2015 when two laptops, a smartphone, a backpack, and a briefcase were stolen from two employees’ locked work vans in Atlanta, Georgia. The incidents were immediately reported to the police and NSM was…
Arizona state agency website hacked to display Muslim message
On June 10, Mary Jo Pitzl reported: A group that calls itself the Middle East Cyber Army hacked into the Arizona Department of Weights and Measures website over the weekend, the second known attack on an Arizona site. MECA also hacked into the site of Art and Sol, a Scottsdale-based group that produces children’s musical…
NH: Stolen laptop contained student information from Monadnock Regional School District
On June 5, Monadnock Regional School District nofitied the New Hampshire Attorney General’s Office that a laptop stolen from an employee’s residence contained unencrypted information on 54 students. The employee was authorized to take work home. Reading further into the letter, however, it appears that the laptop was stolen from the employee’s vehicle, not their…
Rogue Equifax employee improperly accessed Rite Aid employees’ information
Pharmacy giant Rite Aid receives online paystubs, W-2s, and self-service applications from Equifax. In early March, Equifax notified Rite Aid that it had detected suspicious activity on some Rite Aid employee accounts. Equifax’s investigation resulted in a subsequent notification to Rite Aid on April 30 that an employee had misused their privileged access to reset…