John Matarese reports that a number of employees of Cincinnati Eye Institute have discovered that their identity information has been misused by criminals filing for tax refunds. While CEI claims that any breach does not involve their system, they are offering their employees credit monitoring protection services. At the present time, it’s not clear whether a business associate…
Category: U.S.
US military leak exposes ‘holy grail’ of security clearance files
Zack Whittaker reports: A unsecured backup drive has exposed thousands of US Air Force documents, including highly sensitive personnel files on senior and high-ranking officers. Security researchers found that the gigabytes of files were accessible to anyone because the internet-connected backup drive was not password protected. The files, reviewed by ZDNet, contained a range of…
Cuban national accused in UPMC tax-return scheme plans guilty plea
Torsten Ove reports: A Cuban national extradited last summer from Venezuela to face charges that he used hundreds of stolen UPMC employee identifications to file bogus tax returns for millions in refunds is prepared to admit to his crimes. Yoandy Perez Llanes, 32, and his public defender filed notice Monday that he will enter a…
VCU Health System notifies 2,700 of inappropriate access to their medical records
The Richmond Times-Dispatch reports: Virginia Commonwealth University Health System is notifying about 2,700 people that their or their minor child’s electronic medical records were inappropriately accessed over a three-year period. The university said it has no indication that the private health information has been used for any unintended purposes. The breach was found Jan. 10…
Brand New Day notifies 14,005 members after breach at vendor
From their press release of March 10: Universal Care, Inc. dba Brand New Day (BND) announced today that it has notified individuals related to a privacy incident involving information stored by a third-party vendor. The incident did not involve information that was stored or maintained on BND’s own systems. On December 28, 2016, BND learned…
Denton Heart Group notifies patients stolen hard drive held 7 years’ worth of PII/PHI
As seen on their site: Denton Heart Group (the “Clinic”), a member of HealthTexas Provider Network (HTPN) is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice concerns an incident involving some of that information. On January 11, 2017, we learned that an external computer hard drive was stolen from…