Press Release: UMC Physicians (UMCP) is educating employees on approved cloud storage solutions and notifying patients of an incident that may have compromised the privacy of protected health information held by their clinic: UMC Southwest Gastroenterology. UMCP has no evidence of actual or attempted misuse of personal information at this time. On March 12, 2019,…
Category: Exposure
UK: More than 2,000 motorists had private info exposed by DVLA after driving licences and passports were sent to the WRONG addresses
Dan Elsom reports: MORE than 2,000 drivers had confidential details exposed by the Driver and Vehicle Licensing Agency after important documents were sent to the wrong addresses. The DVLA reported 439 data breaches over a 10-month period, according to a BBC Freedom of Information investigation. Read more on The Sun.
SNP faces fines for data protection breach after election mailing error
Severin Carrell reports: The Scottish National Party faces being fined for a breach of data protection laws after sending out tens of thousands of European election mailings to the wrong addresses. The Information Commissioner’s Office confirmed on Friday morning that the SNP had referred itself for investigation after voters across Scotland received letters addressed to…
Vendor used by schools to register students for AP and PSAT exams left personal information of thousands students unsecured
A school contractor that provides online registration so students can sign up for AP and PSAT exams misconfigured their cloud storage, exposing students’ and parents’ personal information. A number of school districts or schools contract with a firm in Colorado called Total Registration, who, according to their web site, registered more than 525,000 students from…
Freedom Mobile server leak exposed customer data
Zack Whittaker reports: A security lapse at Canada’s fourth largest cell network Freedom Mobile exposed customer data. Security researchers Noam Rotem and Ran Locar found an Elasticsearch server leaking five million logs containing customer data. The server wasn’t protected with a password, allowing anyone to access the data. Rotem and Locar, who shared their findings…
Tennessee diagnostic medical imaging services company pays $3,000,000 to settle breach exposing over 300,000 patients’ protected health information
There’s an update to a case I’ve been following on this blog since 2014. From HHS, this announcement: Touchstone Medical Imaging (“Touchstone”) has agreed to pay $3,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and to adopt a corrective action plan to settle potential violations…