Attorney General Herbert H. Slatery III announced Wednesday that a U.S. District Court judge has signed a consent judgment negotiated by 16 states’ attorneys general and Medical Informatics Engineering, Inc. This case was the nation’s first-ever multistate lawsuit involving a HIPAA-related data breach. The lawsuit, led by Indiana, was filed in December of 2018 against…
Category: Subcontractor
Utah knew the company it picked to create standardized tests had a history of crashes and cyberattacks. It signed a $44 million contract with Questar anyway.
Courtney Tanner reports: In other states, the year-end tests were marked by glitches and cyberattacks and hourlong delays. One school district threw out its results because the software was so unreliable. In another, all of the students had to start over when the programming shut down and didn’t save their responses. Sensitive student data was…
Update: West Hartford officials warn parents of test registration platform data breach
Doug Levin kindly alerted me that the Hartford Courant has a story on the Total Registration data security incident. … The school officials said that Total Registration, used by the district to register students for certain exams, informed them that certain information provided by students including name, grade level, gender, date of birth, address, email…
Condé Nast notifies 1,100 WIRED subscribers after subscriber page vendor breach
Condé Nast is notifying about 1,100 WIRED subscribers of a breach involving their payment information. In a notification letter dated May 9, they write: The WIRED subscription page is hosted by a third-party vendor. We believe that an unauthorized party accessed our vendor’s systems in an attempt to acquire information about approximately 1,100 WIRED subscription…
Numbers from the OS, Inc. breach dribble in…
OS, Inc. provides revenue management (billing) services to covered entities. I recently reported on a phishing-related breach they experienced in 2018 that was first disclosed this month. As I noted in that post, their notification specifically mentioned a number of their affected clients. Their disclosure did not, however, provide a total number of patients affected,…
American Medical Collection Agency breach impacted 200,000 patients – Gemini Advisory
A data breach involving a medical collection agency affected more than 200,000 patients who had used the firm’s online payment portal between September, 2018 and the beginning of March, 2019. At the end of February, Gemini Advisory analysts identified a Card Not Present (CNP) database that had been posted for sale in a dark web…