One of the incidents reported to HHS this month was an incident reported by QuadMed in Wisconsin. Today, I finally found some documentation as to what that incident was all about. As background, QuadMed describes itself as providing occupational health and primary care services to some clients. In some cases, they may take over an…
Category: Exposure
Tufts Health Plan notifies 70,320 members after vendor error exposes information in envelope window
Yes, it has happened again. Protected health information exposed in an envelope window. Why do entities still use envelopes with windows? Anyway, Tufts Health Plan explains in their notification of February 16, 2018: Subject: Notice of Inadvertent Disclosure of Health Plan Information What happened? Tufts Health Plan uses a vendor to handle mailing of member…
French news site L’Express exposed reader data online, failed to promptly secure it when notified
Zack Whittaker and Rayna Stamboliyska report on a data leak where it sounds like the researcher who uncovered the leak took more diligent steps to secure the data than the entity did. Here’s a bit from ZDNet’s report, but do read the whole thing. I’ve changed their headline, which emphasized GDPR, to my own perception…
Memorial Hospital at Gulfport Discloses Email Gaffe
From the hospital’s site: Memorial Hospital Reports Inadvertent Disclosure Posted Date: February 28, 2018 GULFPORT, Miss. —Memorial Hospital at Gulfport has notified approximately 1,500 patients of an inadvertent disclosure of information, including patient names and internal (Memorial) encounter numbers, that was discovered during a routine internal audit. No financial information, Social Security numbers, diagnoses, symptoms,…
Major data breach at Marine Forces Reserve impacts thousands
Shawn Snow reports: Roughly 21,426 people were impacted when an unencrypted email with an attachment containing personal confidential information was sent to the wrong email distribution list Monday morning. The compromised attachment included highly sensitive data such as truncated social security numbers, bank electronic funds transfer and bank routing numbers, truncated credit card information, mailing…
Data breach may have put Pennsylvania teachers’ personal information at risk
Jan Murphy reports: A data breach of a state Department of Education database may have potentially compromised personal information including Social Security numbers of Pennsylvania’s current and former teachers. A red notice was posted at the top of the department’s website through the weekend noting a “security incident on the Teacher Information Management System.” The…