From the Employees Retirement System of Texas, this breach information notice. Note that this was reported to HHS with ERS listed as a health plan, and the breach was reported as affecting 1,248,263 members, but also note that no medical or health information was reportedly involved. On August 17, 2018, the Employees Retirement System of…
Category: U.S.
Work Study Documents Accidentally Released to College Community
Saadya Chevan reports: Last April, the College’s Financial Aid office uploaded and accidentally made visible to students, faculty, and staff two confidential documents containing federal work-study (FWS) balances of 107 students from two Spring 2018 pay-periods. The documents also reveal by implication that all of these students had applied for and received financial aid awards…
A Washington ISP exposed the ‘keys to the kingdom’ after leaving a server unsecured
Zack Whittaker reports: A Washington state internet provider left an unprotected server online without a password, exposing network schematics, passwords and other sensitive files for at least six months. Worse, it took the company a week to shut off the leak, despite several phone calls and emails warning of the exposure. The little-known internet provider,…
GSA Took 800 Days to Notify Some Data Breach Victims
Joseph Marks reports: It took the General Services Administration more than 800 days to notify a handful of people that it had accidentally exposed their personal information, according to an audit released Friday. In another case, the agency took six months just to determine that a data breach related to background investigation information had occurred,…
National Ambulatory Hernia Institute notifies almost 16,000 patients of Gamma ransomware attack
On October 5, HHS received a HIPAA breach notification from the National Ambulatory Hernia Institute in California. According to the notification, the incident affected 15,974 patients. A notice prominently displayed on NAHI’s site explains that there was a ransomware incident on September 13. URGENT NOTICE – DATA BREACH SUSPECTED URGENT NOTICE: Our office has experienced a…
Indiana National Guard reports ransomware attack to server
WISH-TV reports: The Indiana National Guard revealed Thursday that a state, nonmilitary server with identifying information of its personnel was the subject of a ransomware attack. The Guard said in a news release from Master Sgt. Jeff Lowry: “As a result of this action we are in the process of notifying personnel that may be affected,…