There’s an update to a case I’ve been covering since March, 2013, when Rafael Henriquez Polanco and his wife, Yanira Lopez, were first charged in a tax refund fraud scheme. According to court records, as part of the scheme, they paid employees at Crozer-Chester Medical Center and Chester Community Hospital to provide them with identity information of 144 patients. The hospitals…
Category: U.S.
University of California – Riverside notifying 8,000 whose SSNs were on stolen desktop
Mark Muckenfuss reports UC Riverside officials are notifying 8,000 graduate students and graduate applicants that their personal identity information is at risk. A desk-top computer stolen during a break-in at the campus’ graduate division offices March 13, contained the Social Security numbers of the students and potential students. Officials said they had no evidence that…
OK: EyeCare of Bartlesville notifies patients after hard drive locked by malware
EyeCare of Bartlesville in Oklahoma reported a breach to HHS on March 13 that appeared on HHS’s public breach tool on March 19. There was no notice on their web site that I could find at that time. Nor could I locate any public notices via a Google search. The incident was coded on HHS’s breach tool as a…
NJ: Court dismisses breach lawsuit against Horizon Blue Cross Blue Shield
In December, 2013, Horizon Blue Cross Blue Shield of New Jersey notified almost 840,000 members that their protected health information was on laptops stolen from the insurer’s Newark headquarters on November 1, 2013. At the time, Horizon BCBS reported that the laptops were password-protected, but the data were unencrypted, and After a detailed review with…
OH: Former ProMedica hospital employee indicted on criminal HIPAA and CFAA charges
It appears we have another criminal prosecution under HIPAA. In May 2014, ProMedica disclosed that almost 600 Bay Park Hospital patients were to be notified of an insider breach. In June, police announced that no criminal charges would be filed because their investigation found that no patient information such as social security numbers or financial…
Wellesley College data dumped; server vulnerable to SQLi
So yesterday, TeaMp0isoN’s timeline looked like this (click on image to enlarge): Then this happened: Creds to @_TeaMp0isoN_ For Vulnerability Alert. Login Drop. [url redacted by DataBreaches.net] — Chief (@Puttied) April 5, 2015 The data dump was prefaced with this message: DB Drop BY Chief(@Puttied). Site : http://mobius.wellesley.edu/ This is their latest Login DB as…