There is yet another really informative post by Jeff Drummond of Jackson Walker. This one is about a CE’s responsibility to actively monitor a BA’s compliance. Jeff writes, in part: Lexology today led me to this article by Adam Green’s crew at Davis Wright Tremaine. It turns out, there is specific language in the December…
Category: Subcontractor
Mistake in Some Google Groups Permissions Left Sensitive Info Accessible to Boston College community
Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…
Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients
There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet. It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…
What to Know About the Latest Data Breach Hitting Sears and Delta Customers
David Meyer reports: Both Sears and Delta Air Lines are facing the exposure of some of their customers’ credit card information, following a data breach at a mutual contractor. The company, a customer services operation called [24]7.ai, suffered the breach between Sept. 26 and Oct. 12 last year. It said in a statement that the…
Wisconsin Department of Health Services and The Management Group Announce Breach of Information
The Department of Health Services (DHS) and The Management Group (TMG) are notifying IRIS participants of a breach of information due to theft of a laptop and a work bag of a TMG IRIS Consultant on February 5. TMG mailed notifications to 779 participants on April 3 who received services from TMG who have potentially…
Curry Health Network notifies members of FastHealth breach
Last month, this site noted a FastHealth breach from 2017 that was first being disclosed. FastHealth had reported it to HHS as impacting 1,345 patients. Now Curry Health Network is notifying its members, and it’s not totally clear if these members were included in the number that had been previously reported to HHS. DataBreaches.net emailed FastHealth…