Sometimes I see breaches on HHS’s public breach tool but can find no web site for the covered entity or any substitute notice online. Such was the case with an entry for “Daniel A. Sheldon, M.D., P.A.,” an orthopaedic surgeon in Florida. The breach tool entry indicated that on September 16, 2015, the doctor had…
Category: Subcontractor
Fashion to Figure notifying customers of payment card compromise
Fashion to Figure (B. Lane, Inc.) is notifying customers of a breach involving malware inserted on their web host’s server. The malware was reportedly inserted on the unnamed host’s server on May 19, but Fashion to Figure did not realize it until October 16, when they started investigating why a web page was loading slowly. Potentially compromised…
Experian Posts $20M Charge Related to T-Mobile Data Breach
Diana Goovaerts reports: In its earnings report for the six months ended September 30, 2015, Experian posted a charge of $20 million stemming from its response to an October security breach that exposed the data of millions of T-Mobile customers. According to the report, the “one-off costs” came from Experian’s response to the hack, which included notifying impacted individuals,…
Ca: WorkSafeNB apologizes to 3,022 injured workers for privacy breach
CBC reports that too much information sharing went on when WorkSafeNB provided data to to Corporate Research Associates. The breach was not the polling firm’s fault, but WorkSafeNB’s, for providing details the contractor did not need and should not have been sent. WorkSafeNB has sent out more than three thousand letters of apology over a serious…
CT AG Jepsen, Hartford Hospital, Contractor Reach Agreement Resolving Investigation into Breach of Unencrypted Patient Information
There’s an update to a breach that I previously noted in 2012, and it reinforces the importance of your business associate contracts and the importance of monitoring them if you’re a HIPAA-covered entity: Hartford Hospital and the EMC Corporation will pay $90,000 and have agreed to institute additional training and control measures to resolve an…
Interstitial Cystitis Network notifies customers of payment card breach
The California-based Interstitial Cystitis Network is notifying customers of a breach after customers first alerted them that payment cards used on their site had been compromised. In a letter dated October 26, ICN writes that the ICN Mail Order Center (www.icnsales.com) was compromised during the period of April 6, 2015 and October 1, 2015; customers placing orders during…