In a recent press release, the Identity Theft Resource Center (ITRC) pointed out that in some cases, we only find out about breaches because a state lists the reports it receives online. Some recent submissions to the New Hampshire Attorney General’s Office are a case in point. Although most of the breaches reported below would…
Category: U.S.
Oregon State U. notifies 34,000 of computer virus
Clearly Oregon State University does not pay enough attention to security bloggers who have derided such trite phrases as “in an abundance of caution.” Their press release from today: Oregon State University is notifying 34,000 current and former employees that a computer containing some of their personal information was recently infected by a virus, even…
(update) Conn. AG wants teachers board to explain lost data
The Associated Press reports: Connecticut Attorney General Richard Blumenthal says the state Teachers’ Retirement Board owes its members identity theft protection and an explanation after waiting six months to inform them of a lost flash drive containing retirement data. Blumenthal said Wednesday he is urging the board to give more than 58,000 members identity theft…
California Department of Health Care Services notifies 29,808 of missing CD
On July 6, the California Department of Health Care Services (DHCS) issued the following press release: The California Department of Health Care Services (DHCS) has reported to federal authorities that a missing compact disc (CD) delivered to the department may not have been encrypted by the sender, Care 1st Health Plan. The CD contains personal…
SunBridge Healthcare notifies 3,830 residents of stolen laptop
On July 9, SunBridge Healthcare Corporation of New Mexico issued the following press release: A password-protected laptop computer, containing resident information from 10 states was stolen in May 2010. The states involved are Arizona, California, Colorado, Idaho, Montana, New Mexico, Oklahoma, Utah, Washington and Wyoming. The theft was immediately reported to local law enforcement and…
No more anonymous “private practice” on HHS breach list
HHS has now started revealing the names of the HIPAA-covered entities who had previously been listed only as “private practice” in their list of those having breaches affecting 500 or more individuals. PHIprivacy.net had been one of a number of entities that had complained about private practices being shielded, but OCR had interpreted the Privacy…