Joseph Cox reports: Front Rush, a technology company that provides services to college athletics programs, exposed a server containing more than 700,000 files to the open internet, including college athletes’ medical records, performance reports, driver licenses, and other personal information. Front Rush works with over 30,000 coaches and 9,500 teams according to its website. The company…
Category: Subcontractor
OH: ‘Human error’ causes county data loss
Jennifer Woods reports: Due to “human error,” up to six months of data for a few county offices was lost or had to be re-uploaded to a computer system in December, according to the Fayette County Commissioners. Essentially, the data was being transferred by an employee of “YourColo” from one system into a more secure…
OR: The City of Bend discloses Click2Gov breach
The City of Bend was recently informed that a potential data security incident may have compromised the payment card information of some City utility customers who made one-time utility bill payments or enrolled in auto pay using a credit or debit card between August 30, 2019 and October 14, 2019. The data that may have…
Mercy Health Lorain Hospital Laboratory patients notified of HIPAA breach due to contractor invoice printing error
Although no actual or attempted access or misuse of patient or guarantor information has been discovered, RCM Enterprise Services, Inc. (“RCM”) is providing notice to certain individuals regarding an error in the invoice mailing process that caused individually identifiable information to appear in the clear address “window” on medical invoices. RCM provides patient billing services…
CO: Aurora Water announces data breach involving Click2Gov payment system
Author: Janet Oravetz reports: Personal information of some Aurora Water customers, such as names, card numbers and expiration dates, may have been compromised through a data breach, according to the city’s water department. The department made an announcement about the security incident on Monday and said customers who used the Click2Gov payment system to make one-time…
As 2019 draws to a close, some entities are taking harder look at storing PHI in employee email accounts
Okay, so two exemplars doesn’t prove any kind of trend, but I’m glad to see some entities now taking steps to reduce how much PHI is stored in employee email accounts. Here are two recent incidents, both reported to HHS in December: Healthcare Administrative Partners (HAP) is a Pennsylvania-based business associate under HIPAA. On December…