Once again, we see a timeline where it took a loooong time before an entity actually discloses a breach, but the entity’s explanation involves how long it took to determine who was impacted. In this case, it tood from June 14, when they first became suspicious of activity that had occurred in March until November…
Category: Health Data
HK: Data breach concerns after ‘theft’ of Hong Kong gov’t phones containing details of quarantined coronavirus residents
Kelly Ho reported this on February 20: Two government mobile phones containing the personal data of 122 residents in mandatory coronavirus quarantine have gone missing, raising concerns over a potential data breach. The Office of the Government Chief Information Officer (OGCIO) announced the suspected theft on Wednesday after their staff conducted an inventory check of all…
Anxiety, depression and PTSD: The hidden epidemic of data breaches and cyber crimes
Jessica Guynn reports on the impact of breaches: Mental health professionals say data breaches and other cyber crimes are increasingly taking a heavy psychological toll on the millions of Americans whose personal information is plundered by fraudsters. It’s not just the nightmarish process of clearing your name and credit history or the struggle to get…
PIH sued after notifying patients of phishing attack that could have exposed their protected health information
On January 24, I posted a breach notification from PIH Health with a commentary on how long it took from the time of the phishing attack to notification of almost 200,000 potentially affected patients. There was nothing in their notification, however, that suggested that patients had actually had their protected health information stolen or misused….
Endeavor Energy Resources notifies employees and dependents after employee fell prey to phishing attack
Statement from Endeavor Energy Resources (via MRT): “Endeavor Energy Resources, L.P. (“Endeavor”), an oil and gas exploration and production company, discovered on Jan. 14 that earlier that day an unauthorized party, through a phishing scam, possibly gained access to unsecured protected health information stored in the corporate, Office 365 account of an Endeavor employee. After…
Personal health information of nearly 2,900 Queen’s patients sent to wrong email address
The Star Advertiser reports: An employee sent an email containing personal health information for 2,852 patients of The Queen’s Medical Center and Queen’s North Hawaii Community Hospital to the wrong address on Feb. 3, Queen’s officials announced today. No Social Security numbers or financial account information was included, so patients’ financial security is not at…