What should states do when notification is made but took more than one year? Are explanations sufficient to avoid any penalties for late notice? Here’s a case where notice to some individuals was made more than 7 months after discovery of a problem, but others did not get notified for more than one year. Read…
Category: U.S.
OH: ‘Human error’ causes county data loss
Jennifer Woods reports: Due to “human error,” up to six months of data for a few county offices was lost or had to be re-uploaded to a computer system in December, according to the Fayette County Commissioners. Essentially, the data was being transferred by an employee of “YourColo” from one system into a more secure…
NM: 2 months after ransomware attack, Las Cruces Public Schools still crippled by limited internet access
KVIA reports: More than two months after a massive ransomware attack compromised the Las Cruces Public Schools network, a union president told ABC-7 that educators are forced to work extra hours “at the expense of their well-being.” “It has become very overwhelming for our educators,” said Denise Sheehan, the president of the National Education Association in Las…
OR: The City of Bend discloses Click2Gov breach
The City of Bend was recently informed that a potential data security incident may have compromised the payment card information of some City utility customers who made one-time utility bill payments or enrolled in auto pay using a credit or debit card between August 30, 2019 and October 14, 2019. The data that may have…
Mercy Health Lorain Hospital Laboratory patients notified of HIPAA breach due to contractor invoice printing error
Although no actual or attempted access or misuse of patient or guarantor information has been discovered, RCM Enterprise Services, Inc. (“RCM”) is providing notice to certain individuals regarding an error in the invoice mailing process that caused individually identifiable information to appear in the clear address “window” on medical invoices. RCM provides patient billing services…
KS: Computer Programmer Sentenced In Cyberattack Threat Case
A Wichita computer programmer was sentenced today to three years federal probation and a $2,000 fine for threatening cyberattacks against two web sites that posted criticism of Wichita lawyer Brad Pistotnik, U.S. Attorney Stephen McAllister said. David Dorsett, 37, Wichita, Kan., pleaded guilty to two counts of making extortionate threats via the internet. In his…