To follow up on my post about a Florida vendor’s misconfiguration that impacted 368,000 students as well as thousands of former and current Leon County Schools employees: I took marked exception to some of the FLVS‘s initial claims because I felt it was misleading to try to cry “hack” when it was a misconfigured server that exposed…
Category: Subcontractor
UK: Council letters with personal details found dumped in bin bag on Washington street
Kali Lindsay reports: Council tax demand letters with confidential information were found dumped in a black bin bag on a street. Found near the Galleries Shopping Centre, Washington , the bag was filled with letters from Jacobs Enforcement Agents. The letters contained details of residents owing Council Tax to 18 local authorities, including Newcastle City…
Leon County Schools vendor’s data leak exposed 368,000 current and former FLVS students’ details, LCS teacher data, and more
Leon County Schools in Tallahassee, Florida has more than 34,000 students, more than 2,400 teachers, and a total of 4,300 employees. That’s a lot of students and teachers to notify when you discover that a third-party vendor’s mistake exposed their personal information for almost two years. But it’s not as much as the vendor, Florida…
Flexible Benefit Service Corporation notifies 5,123 of phishing incident
Illinois-headquartered Flexible Benefit Service Corporation (“Flex”) is a general agency and benefit administrator serving insurance brokers, employers and insurance carriers. As such, they are a Business Associate to HIPAA-covered entities. The follow is from their notification of a security incident that was reported to HHS on February 16, as impacting 5,123 people. Flex does not indicate…
Tufts Health Plan notifies 70,320 members after vendor error exposes information in envelope window
Yes, it has happened again. Protected health information exposed in an envelope window. Why do entities still use envelopes with windows? Anyway, Tufts Health Plan explains in their notification of February 16, 2018: Subject: Notice of Inadvertent Disclosure of Health Plan Information What happened? Tufts Health Plan uses a vendor to handle mailing of member…
FastHealth notifies patients of 2017 incident involving their data
In May, 2017, this site started reporting that a number of healthcare facilities had been impacted by a breach at their vendor, Tuscaloosa-based FastHealth. FastHealth provides website and operational tools and services, including online bill payment. According to FastHealth’s news release at the time, an unauthorized third party had altered code on its web server,…