I was working today on adding details to spreadsheets that I use in calculating the gap between breach and discovery, and between discovery and notification. One of the incidents I was looking into today involved a report from Lafayette Regional Rehabilitation Hospital in Indiana. On November 25, they learned that in July, 2019 someone had…
Category: Phishing
IE: Data of 9,735 teachers shared after ‘phishing’ email breach
Katherine Donnelly reports: A data breach at the Teaching Council has led to personal information relating to 9,735 teachers being shared. The council, which holds personal data on 104,000 serving and retired teachers, has alerted those affected and said it was “not likely to result in any real risk to you in circumstances where limited…
University of Utah Health notifies patients of phishing attacks that began in January
The University of Utah Health is notifying patients whose protected health information was in some employees’ email accounts after they fell for a phishing attack. The following is a notice posted on their website March 20th: We are committed to protecting the confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving…
Oregon DHS notifies public of data breach
KTVZ reports: The Oregon Department of Human Services announced Friday that it uncovered a “phishing” incident on March 6 that affected one staff member’s e-mail. […] The security and confidentiality of private health information is critical to the Department of Human Services. While the department cannot confirm that any clients’ personal information was acquired from…
Tandem Diabetes Care notifies customers of phishing incident
Update: This incident was reported to HHS on March 17 as impacting 140,781 patients. Their press release: Tandem Diabetes Care, Inc. (“Tandem”) is committed to protecting the confidentiality and security of our customers’ information. Regrettably, this notice is to inform our customers of a recent phishing incident that may have involved some customer information. What…
Health Quest still first notifying people of July, 2018 breach in January, 2020
Having to go through numerous email accounts to determine which consumers, employees, or patients, have information in them that will necessitate notification can be a time-consuming task. In June, 2019, this site reported on what appeared to be a very long gap between discovery of a breach and notification to those affected. As reported then,…