Molina Healthcare is notifying members of a breach of protected health information (PHI) involving an employee of their vendor, CVS. In a letter dated September 17, they write: This is to let you know that CVS, Molina Healthcare’s Over-the-Counter (OTC) benefits vendor, told us on 7/20/15 about a breach of your protected health information (PHI)….
Category: Subcontractor
Texas hits leak researcher with Civil Investigative Demand for Systema Software’s leaked data
There’s a bit of an unusual development to an incident that was first reported on DataBreaches.net. As reported previously, The leak of data on AWS from Systema Software impacted numerous individuals who filed insurance claims – primarily in California, Kansas, and Utah. In addition to personal and financial information, the leak also exposed proprietary information such as legal…
CORRECTIONS
A post describing a massive data leak/exposure incorrectly identified CSAC as one of the entities whose data were exposed. CSAC informs this site that it was CSAC-EIA, a separate organization. DataBreaches.net apologizes to CSAC for the error and has corrected the post. In that same story, York Insurance Group was also incorrectly listed as an affected…
Oops! Error by Systema Software exposes millions of records with insurance claims data and internal notes (Update3)
Insurance carriers, third party administrators (TPAs), and self-insureds had claims data exposed when a cloud-hosted claims management service inadvertently left their databases and files unprotected on a public server. Another week, another infosecurity failure that exposed oodles of personal information. This time, it’s a leak that not only exposed insurance claims data, but allegedly included internal documents that reveal how…
NC: Charlotte-Mecklenburg Schools notifies 7,600 job applicants of privacy breach
Adam Bell reports: Charlotte-Mecklenburg Schools has notified about 7,600 job applicants that their personal information, including Social Security numbers, was shared with an outside contractor without their consent. […] In a statement Tuesday morning, CMS said that one of its employees entered into an agreement with a vendor prior to obtaining proper authorization, and that resulted…
CVS confirms customer data stolen in PNI Digital Media attack (updated)
There’s an update to the PNI Digital Media breach that affected the online photo centers for major retailers such as CVS, Costco, Walmart, RiteAid, Sam’s Club. The breach was first disclosed over the summer, but now AP reports that investigators for CVS have not only confirmed the hack, but some customers’ information may have been…