In August, 2019, Hy-Vee announced that it was investigating a payment card breach affecting customers who had used some of their fuel pumps, drive-thru coffee shops, and restaurants. Three days later, Brian Krebs reported: On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked…
Category: U.S.
Toledo Public Schools Seeking Individuals Who May Not Have Received Notice of Security Breach
Public Notice: January 14, 2021 As previously reported on this website and in the news media, Toledo Public Schools experienced a security incident in September which later resulted in the potential access, viewing or removal of personal information for some current and former TPS students and employees. Such personal information may include, but is not necessarily limited…
Excellus to pay $5 million to settle charges stemming from breach that impacted 9.3 million
Excellus Health Plan, Inc. has agreed to pay $5.1 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach…
Ronald McDonald House notifying almost 18,000 guests of Blackbaud breach
Those of us who frequently check state attorneys general sites are well aware that there are still many consumers and patients who are first being notified of the Blackbaud ransomware incident last year. Ronald McDonald House is well-known in the U.S., for offering housing accommodations to families who have children being treated for serious illnesses. …
Co: Pitkin County COVID-19 case investigations inadvertently exposed online
PITKIN COUNTY, Colo., Jan. 14, 2021 /PRNewswire/ — Pitkin County learned of an incident that may affect the privacy of certain information and is providing notice so that affected individuals may take steps to better protect their personal information, should they feel it is appropriate to do so. To date, Pitkin County has seen no evidence that any personal information…
M.D. Anderson’s $4.3 Million Fine for Patient Data Loss Vacated
This is huge. Mary Anne Pazanowski reports: The University of Texas’s M.D. Anderson Cancer Center dodged a $4.3 million fine for losing over 35,000 people’s protected health information after the Fifth Circuit ruled Thursday that HHS acted arbitrarily and capriciously in finding that the provider violated two information security regulations. You can read more on…