At the end of June, DeepDotWeb broke the story that hackers calling themselves TheDarkOverlord (TDO) had put three databases with patient information up for sale on the dark net. Although the owners of the databases were not listed, DataBreaches.net was able to identify two of the three entities as the Athens Orthopedic Clinic (AOC) in Atlanta and Midwest Orthopedic Pain and Spine (MOPS) in Farmington, Missouri. Both entities…
Category: Of Note
Why We Should Score Data Breaches
Dan Munro had an interesting conversation with Jeff Williams of Contrast Security at BlackHat, which led to a draft scoring system for data breaches and corporate responses: Tone – Is the announcement apologetic and not blaming? Does it acknowledge that there should have been better defenses and that the breach should have been detected and been…
UK: Sage suffers data breach that may impact employees of as many as 300 companies
Lauren Fedor reports: Personal details and bank account information for employees of as many as 300 UK companies may have been compromised as part of a data breach at Sage, the UK software group. […] On Friday, the Newcastle-based group notified around 200 of its current UK business customers that their information — including employee bank…
Valley Anesthesiology and Pain Consultants Notifying 882,590 Patients PLUS all Employees and Providers of Security Incident
If you can’t prove there was no access, the presumption is that it’s a reportable breach. Today, Valley Anesthesiology and Pain Consultants (VAPC) announced that it is addressing a security incident involving certain patient, provider and employee information. VAPC is providing notice to approximately 882,590 patients, and all current and former employees and providers, who…
Bon Secours notifies 655,000 patients that vendor error exposed patient info on Internet
Bon Secours Health System, Inc. (“Bon Secours”) and its affiliates are committed to maintaining the privacy and security of our patient information. This notice is to inform our patients of an incident involving one of our vendor’s handling of some patients’ information. On June 14, 2016, Bon Secours discovered that files containing patient information inadvertently…
Walgreens avoids penalty after 9-year privacy breach investigation
I have been following this case from the beginning and wondering why the heck HHS didn’t come down on Walgreens like they did on their competitors CVS and RiteAid. And now we learn that OCR just closed the case with no penalty? Seriously? So CVS and RiteAid get clobbered by both the FTC and HHS/OCR, and Walgreens…….