From their substitute notice: On August 15, 2016, Mercy Hospital & Medical Center discovered that some medical billing information for a total of 547 patients was potentially exposed as a result of a third-party billing service’s loss of Mercy’s documents from their offices. The information exposure occurred on August 15, 2016. We have taken the necessary…
Category: Subcontractor
Indiana business associate providing employee benefits management notifies 7,242 after laptop theft
From their notification letter, which does not explain why it took 2.5 months for them to make notifications nor where the laptop was stolen: We are writing to inform you of a data security incident at Gibson Insurance Agency, Inc. (“Gibson”) that may have resulted in the disclosure of your personal information, including your name…
TX: Katy ISD notifies parents after third-party error by SunGard K-12
Shelby Webb reports: Katy ISD warned about 78,000 of its students and staff members that their personal data – including social security numbers, names and birth dates – may have been accessed during a security breach. Katy officials notified parents in a letter dated Oct. 7, more than a month after it learned of the…
Curtis F. Robinson, M.D. notifies patients after ransomware attack on EMR provider
From the press release, this appears to be the same ransomware incident that Marin Medical Practices Concepts previously reported. Both MMPC Prima Medical Foundation subsequently reported that 5,000 patients were being notified that patient records were lost during the backup recovery process. Dr. Robinson’s practice appears to have been similarly affected. On August 22, 2016, Dr….
Vendor’s employee stole W-4 forms for SIRF scheme
A case involving identity theft reported by the USAO for the Middle District of Alabama this week: A Phenix City, Alabama man was sentenced to 24 months in prison today for his role in a stolen identity refund fraud (SIRF) scheme. According to documents filed with the court, Kenneth Fearson, 31, worked at a warehouse that…
Subcontractor error exposed Vermont Health Connect customers’ SSNs
AP reports: A security lapse earlier this summer has jeopardized the Social Security information of nearly 700 users of Vermont’s online health insurance marketplace. Vermont Public Radio reports officials learned of the security breach when one Vermont Health Connect customer found her name and Social Security number on an online document while conducting an internet search….