It’s not just edtech vendors students need to watch out for when it comes to privacy and data security. Vendors that help process student loans may also put you at risk, as this notification from AccessLex Institute (dba Access Group) reminds us. The nonprofit organization, which provides financial education resources and services, writes: Dear [Name]:…
Category: Subcontractor
Transcription Service Leaked Medical Records
Brian Krebs reports: MEDantex, a Kansas-based company that provides medical transcription services for hospitals, clinics and private physicians, took down its customer Web portal last week after being notified by KrebsOnSecurity that it was leaking sensitive patient medical records — apparently for thousands of physicians. On Friday, KrebsOnSecurity learned that the portion of MEDantex’s site…
TN: County Schools Testing Disrupted By Suspected Hacking of Questar
Eugenia Estes reports: Annual state-mandated assessment testing did not get off to the best start this week for many systems, including Greene County Schools, due to what is being investigated as a cyber attack on the company that handles online TN Ready testing for the state. Although there were some disruptions to the testing for…
MedWatch LLC notifies members whose protected health information was exposed on the internet
Florida-headquartered MedWatch, LLC is a care management company, providing risk management solutions to the self-funded health plan market. On or about April 13, they started notifying their clients’ health plan members after learning that a vendor misconfiguration error had exposed protected health information between October 20, 2017 and December 15, 2017. MedWatch did not name…
Personal information of 1 million potential college applicants ‘exposed inadvertently’
Emily Tate reports that a vendor in the higher education space exposed more than 1 million potential college applicants’ information due to a misconfigured rsync backup: The data — which included names, phone numbers, email addresses, home addresses, high school graduation years and, in a few cases, dates of birth and Social Security numbers —…
A covered entity’s responsibility to monitor a business associate is…. what?
There is yet another really informative post by Jeff Drummond of Jackson Walker. This one is about a CE’s responsibility to actively monitor a BA’s compliance. Jeff writes, in part: Lexology today led me to this article by Adam Green’s crew at Davis Wright Tremaine. It turns out, there is specific language in the December…