Jason Braverman reports: Kroger announced today that a box of pharmacy records was lost. They said in late July, a records management service, Retrievex, Inc., the company’s business associate, shipped a box of pharmacy records to the Woodstock Kroger via a third-party common carrier. Retrievex confirmed with the carrier that the box was lost in…
Category: Subcontractor
Ontario Science Centre data breach exposes 174,000 names, email addresses
David Rider reports: A summertime data breach exposed the names and email addresses of 174,000 Ontario Science Centre members, donors and others including customers for camps and birthday parties, the Star has learned. Campaigner, a company that does email blasts for the provincially owned tourist attraction, informed the science centre on Aug. 16 that “someone…
Senator Demands Review of How DHS Shares PII With Contractors
Akshaya Asokan reports: Sen. Maggie Hasan, D-N.H. is demanding that the U.S. Government Accountability Office review how the Department of Homeland Security shares personal data with third parties following several recent security incidents in which such information was exposed. In an Oct. 23 letter to the GAO, Hassan writes that recent “troubling” security incidents connected to…
Open wide and say, “Ugh, My Data!!!!!”
This is the story of how mapping and analysis of an open elastic search led to the discovery of a misconfigured Amazon s3 bucket that exposed data from hundreds of thousands of dental patients. If you live in Brazil, you may already be experiencing breach fatigue from having had so much of your personal and…
CenturyLinks’ suffers data leak due to vendor error
Tim Sandle reports: CenturyLink has reported that a customer information database of 2.8 million records was found exposed. The database was affiliated with a third-party notification platform and has been exposed for 10 months. With the CenturyLink issue, the personal information of hundreds of thousands on CenturyLink customers, including name, addresses, email addresses, and phone…
Geisinger Health Plan Notifies Members About Business Associate Phishing Attack at Magellan NIA
HIPAA Journal reports: HIPAA Danville, PA-based Geisinger Health Plan has discovered the protected health information (PHI) of some of its members has been exposed as a result of a suspected phishing attack on one of its business associates, Magellan NIA. Magellan NIA provides radiology benefits management services to the health plan, which requires access to…