Even Google has breaches that need to be reported. From a notification letter to Googlers that will be going out on May 9th: I am writing to follow up on an email we recently sent you about an issue that involves your personal information. The details of the issue are below. What Happened? We recently…
Category: Subcontractor
CA: Humboldt County Notice of Data Breach
May 2, 2016 The County of Humboldt announced today that five computer terminals used by the public in an office on the fifth floor of the county courthouse were misconfigured by a third-party software provider, potentially allowing access to limited confidential information. On April 4, 2016, the county learned that individuals accessing parcel information in…
Stolen billing vendor’s laptop held patient info from 8 medical facilities
EqualizeRCM Services is a vendor providing billing and collection services to healthcare providers. In compliance with HIPAA, it has Business Associate contracts with its clients, who provide it with the information needed to fulfill its functions. The firm has headquarters in Austin, Texas, and offices in Houston and Washington, D.C. On February 29, EqualizeRCM learned that a…
Stanford University continues to investigate breach involving employee W-2 data
There’s been an update to a previously noted breach report out of Stanford University. On April 12, I had reported that compromise of employees’ W-2 data had been linked to the university’s service vendor, W-2 Express, a service of Equifax. The breach did not appear to involve a breach of W-2 Express’s system or of Stanford University’s network. Rather,…
Florida Hospital Medical Group notifies patients after transcription service error
Florida Hospital Medical Group recently notifed HHS of a breach affecting 1,906 patients. Although the breach reportedly involved a transcription service, the entry on HHS’s public breach tool does not indicate any business associate was involved. In digging into this report, I found that the Orlando Sentinel had reported the incident on April 8: If you’re…
Settlement reached in lawsuit after laptop stolen from Edmonton Medicentre
Bill Mah reports that a lawsuit filed after a 2013 Medicentres breach has settled. The incident involved a laptop with information on 620,000 Albertans being stolen from the clinic. The laptop belonged to an employee of their IT consultant, AbleIT Inc. The Privacy Commissioner would later rule that the clinic had failed to adequately protect their…