Francesca Fionda reports: Up on the roof of the Vancouver Public Library, privacy researcher Sarah Jamie Lewis connects a small antenna to her laptop to listen in on what appears to be a major ongoing breach of sensitive health data of patients in the Vancouver area. For months, she says, personal information has been sent…
Category: Exposure
Undisclosed number of Boy Scouts and their parents had their information exposed by Trails End
Katie Peralta reports: A partner of the Boy Scouts of America inadvertently exposed the personal information of children and their parents last month. What happened: Boy Scouts nationwide sell popcorn to raise funds for activities like camping trips — just like Girl Scouts sell cookies. To facilitate the sales process, Boy Scouts of America uses…
Data breach after lax NZTA security
Phil Pennington reports: The New Zealand Transport Agency (NZTA) has admitted to a technology botch up leaving what was meant to be a highly secure data key wide open. “The transport agency can confirm the Google API was incorrectly left open as part of the Traffic Watcher pre-production set up,” NZTA said in statement. Read…
Alive Hospice’s breach notification required a second breach notification
It occasionally happens that a breach or incident response creates a second incident of its own. That seems to be the case with Alive Hospice, as this newest press release suggests, but does this require second notification to HHS/OCR? My first impression is that it would, but I’m interested to hear what HIPAA lawyers might…
Oh good grief, Saturday edition
Seen on Twitter: BREAKING: Dutch hospital that just got fined 460.000 euro by Dutch DPA for staff snooping in medical files, is in the news today again: staff used medical files as grocery list. Left them in shopping cart supermarket. Compliance is a cultural issue!https://t.co/LhVELzgL8J #GDPR — Jeroen Terstegge (@PrivaSense) September 7, 2019 A google…
UK: Gender identity clinic leaks almost 2,000 patients’ email addresses
Chris Fox reports: The Charing Cross Gender Identity Clinic sent patients an email about an art competition, with hundreds of others CC-ed in. The clinic later tried to recall the message but the error had already been noticed. The Tavistock and Portman NHS Foundation Trust, which is responsible for the clinic, is investigating. Read more…