Andy Cerota reports: A government contractor in Houston who was supposed to be signing people up for Obamacare stole personal information from at least 17 people around the country. Kenneth Bacon, who worked in a Houston call center, is accused of taking down the names, dates of birth and Social Security numbers that enrollees gave…
Category: U.S.
Schools official mistakenly leaks student data in PowerPoint document
Donna St. George reports: When the chief technology officer for Montgomery County schools gave a talk at a conference in Missouri a few years ago, he used a PowerPoint presentation that mistakenly included the names and photos of 16 Bethesda kindergartners, along with phone numbers. It also listed the names, student identification numbers and reading…
Unauthorized access gained to Heartland Dental databases
Adam Greenberg reports: Illinois-based Heartland Dental is notifying an undisclosed number of individuals that unauthorized access was gained to a limited portion of its IT systems, and that personal data may have been compromised. How many victims? Undisclosed. What type of personal information? Names, addresses, phone numbers, Social Security numbers, email addresses, certain information related to income and…
St. Martin Parish School Based Health Centers breach
As I’ve often noted on PogoWasRight.org, student health records are generally covered under FERPA, not HIPAA. When a school district provides a health center, however, the student’s health records may be covered by HIPAA, as seems to be the case with the St. Martin Parish School Based Health Centers in Louisiana. They notified HHS last…
NY: Montefiore Health System employee stole 12,517 patients’ information
From their web site: Montefiore Health System is notifying certain patients about a security incident involving information that was stolen by a former employee. The employee compromised the information of 12,517 patients, which included names, addresses, dates of birth, Social Security numbers, next of kin information, and health insurance details. The theft occurred between January 2013…
Seek and ye shall find: CareFirst notifies brokers and members of 2014 breach
Sometimes doing the right thing can be costly. In the wake of increasing attacks on health insurers (e.g., Anthem, Premera), CareFirst BlueCross BlueShield retained Mandiant to do an end-to-end assessment of their information security environment. The assessment included multiple scans to determine if there was any evidence of any attack. On April 21, 2015, Mandiant uncovered evidence…