When CoPilot Provider Support Services recently disclosed a security incident that they had known about since 2015, their statements might have led you to believe that a disgruntled former employee had hacked them or misused previously authorized access, and that law enforcement might be looking into criminal charges. If you thought that, you were wrong on both counts. CoPilot Provider Support Services (“CoPilot”) describes itself…
Category: Subcontractor
Criminal record raises more questions about fired DC case worker in patient file breach case
Tisha Lewis has an update on a previously reported incident: FOX 5 is uncovering more about a D.C. case worker who sent confidential patient files to a complete stranger she met on Facebook to lighten her workload. The files included social security numbers and medical records. It turns out this case worker also has a…
Third-party incidents continue to put patient ePHI at risk: Protenus
Protenus, Inc. has released its Breach Barometer for January. As they report, 2017 is starting out where 2016 left off: we are seeing an average of one breach per day involving health data. Protenus’s report, based on 31 incidents, reported that there were 388,307 breached records for the 26 incidents for which they had numbers. The single largest…
Vulnerability put 1.87 million Michigan employees at risk
Catherine Shaffer reports: As many as 1.87 million Michigan workers may have had their personal information exposed through a newly discovered security vulnerability in the computer system used by the Michigan Unemployment Insurance Agency. The information release affects workers whose paychecks are processed by a third-party payroll vendor. A software update installed in October 2016…
Target data breach settlement remanded by appeals court after two consumers raise concerns
It ain’t over until…. well, no body-shaming here, but Target is not out of the woods on litigation from their massive 2013 breach. Law360 is reporting: The Eighth Circuit decided Wednesday to send back to lower court the $10 million deal that let Target Corp. out of multidistrict litigation over its notorious 2013 data breach,…
MN: PrimeWest Health notifies members of Summit Reinsurance incident
Another entity affected by the Summit Reinsurance ransomware attack in March, 2016 is first notifying individuals of the incident. See this report about PrimeWest Health. The insurer notified HHS of the incident on December 29, reporting that 2,441 members were affected. The reinsurer’s breach was discovered on August 8, 2016, and yet affected entities are…