Mintie Betts reports: Athens ISD Board of Trustees has agreed to pay a $50,000 ransom for school data that was taken in a criminal ransomware attack. The attack targeted data stored on district servers, backup systems, and hundreds of computers. As a result, access to data has been blocked including teacher communications, student schedules, grades,…
Category: U.S.
Vermont Tax Department exposed 3 years worth of tax return info
Sergiu Gatlan reports: The Vermont Department of Taxes today disclosed that taxpayers’ private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. The data breach affected all Vermonters who electronically filed Property Transfer Tax returns using the tax department’s site between February 2017 and July 2020….
More pharmacy chains report HIPAA breaches linked to looting during protests
First it was Walmart disclosing that their pharmacies in stores in California and Chicago had suffered damage and theft by looters of medications ready for pickup with patient information on labels. Then it was CVS, who notified HHS that more than 21,000 patients’ information may have been compromised by looters who stole or accessed prescriptions…
Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach
In April, 2017, Lifespan issued a statement disclosing a stolen laptop incident involving unencrypted protected health information. In at least two places in their statement they claim that they are committed to protecting the security and confidentiality of patient data. Today, OCR announced a settlement with Lifespan in which Lifespan is to pay more than…
White House Tells EPIC to Delete COVID-19 Records, EPIC Declines
I usually post items from EPIC.org over on PogoWasRight.org, but this one gets posted as a government breach on this site, too. In an unusual development, the White House directed EPIC this week to delete a set of records that EPIC recently obtained from the Office of Science & Technology Policy—a request which EPIC declined….
University of Utah notifying patients after phishing attack
Did University of Utah Health really have three phishing incidents this year? Maybe not. I was confused when I saw a new listing on HHS’s public breach tool this week. The incident, reported to HHS on July 20, reportedly affected 10,000 patients and involved PHI located in email. As such, it seemed to match an…