Emily Tate reports that a vendor in the higher education space exposed more than 1 million potential college applicants’ information due to a misconfigured rsync backup: The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers —…
Category: Subcontractor
A covered entity’s responsibility to monitor a business associate is…. what?
There is yet another really informative post by Jeff Drummond of Jackson Walker. This one is about a CE’s responsibility to actively monitor a BA’s compliance. Jeff writes, in part: Lexology today led me to this article by Adam Green’s crew at Davis Wright Tremaine. It turns out, there is specific language in the December…
Mistake in Some Google Groups Permissions Left Sensitive Info Accessible to Boston College community
Steven Everett and Connor Murphy report: Until December 2017, Google Groups containing hundreds of University communications and associated documents with restricted, confidential, or otherwise sensitive information had misconfigured permission settings such that anyone who could access the Boston College G Suite—known formally as Google Apps—could view them, a Heights investigation found. The Heights notified the…
Virtua Medical Group Agrees to Pay Nearly $418,000, Tighten Data Security to Settle Allegations of Privacy Lapses Concerning Medical Treatment Files of Patients
There’s a follow-up to a breach previously reported on this site in 2016 in which a transcription vendor’s error resulted in the exposure of some Virtua Medical Group’s patients’ protected health information on the internet. It appears that New Jersey has settled charges against VMG over the incident. Of note, the charges are that the VMG…
What to Know About the Latest Data Breach Hitting Sears and Delta Customers
David Meyer reports: Both Sears and Delta Air Lines are facing the exposure of some of their customers’ credit card information, following a data breach at a mutual contractor. The company, a customer services operation called [24]7.ai, suffered the breach between Sept. 26 and Oct. 12 last year. It said in a statement that the…
Wisconsin Department of Health Services and The Management Group Announce Breach of Information
The Department of Health Services (DHS) and The Management Group (TMG) are notifying IRIS participants of a breach of information due to theft of a laptop and a work bag of a TMG IRIS Consultant on February 5. TMG mailed notifications to 779 participants on April 3 who received services from TMG who have potentially…