Katie McKellar reports: A security breach in the Utah Food Bank‘s website may have resulted in the disclosure of more than 10,000 donors’ personal information. In a letter that was sent to a donor on Tuesday and obtained by the Deseret News, Utah Food Bank officials said they recently discovered that an “unauthorized individual” may have…
Category: U.S.
Michigan’s Catholic workers are latest cyber victims
Bill Laitner reports: A Catholic agency in Lansing that handles payroll processing and employee benefits across Michigan is the state’s latest victim of a major cyber attack. The Michigan Catholic Conference sent letters this week to more than 10,000 employees, warning them that their personal information has been compromised, officials said Friday. […] Although the…
Duty of confidentiality trumps your desire to defend your reputation
Remember when Prime Healthcare and Shasta Regional Medical Center were fined by federal and state agencies for breaching patient privacy? They had willfully disclosed patient details to the media after the media had reported the patient’s complaint about them. At the time, I noted that just because a patient discloses information, that does not give the covered entity the…
Boston University notifies medical research participants after server compromise
When a Boston University server was used to launch attacks against a system in Nova Scotia in May, the Nova Scotia network administrator contacted BU to alert them. BU’s month-long investigation revealed that one of its servers had been compromised – possibly by a hacker in Russia – in March 2015. Of note, the compromise…
“Small” breach, big impact, redux
In November 2013, I blogged about the case of a privacy breach at Northern Inyo Hospital that was so devastating to the patient that she was going to move away. The breach was a willful insider breach that impacted a custody dispute. That same year, and unbeknownst to most people, there was a lawsuit filed over another insider…
MA: Records request yields heavily redacted letter sent to state Attorney General in wake of Amherst website data disclosure
An update to a previously noted breach. Scott Merzbach reports: A public records request by the Daily Hampshire Gazette seeking more information about the disclosure of residents’ personal information through the Amherst municipal website yielded a heavily redacted letter that collector and treasurer Claire McGinnis sent to state Attorney General Maura Healey, notifying her office…