Paul Bischoff writes: An online database of more than 5 million records apparently belonging to MedicareSupplement.com was left open and accessible to the public. On May 13, 2019, Comparitech worked alongside security researcher Bob Diachenko to uncover the publicly available MongoDB instance that appears to be part of the website’s marketing leads database. MedicareSupplement.com is…
Category: U.S.
MN: Woodbury’s Merrill Arts Center hit with data theft
Bob Shaw reports: A list of donors and patrons of the Merrill Arts Center in Woodbury has been stolen. Board president Jeriann Jevning-Jones reported the theft to the Woodbury Police, saying the theft also involved personal information of customers, sponsors and advertisers. The lists were used to raise funds for “a new area theater company…
Former employee of University of Pittsburgh Medical Center and Allegheny Health Network sentenced to 1 year in prison for disclosing patient files
There’s an update to a HIPAA breach case that this site has been following since 2018, when DOJ announced that Linda S. Kalina had been indicted by a federal grand jury in Pittsburgh and charged with six counts of wrongfully obtaining and disclosing the health information of another individual. In March of this year, she…
IN: Franciscan Health Provides Notice Of Privacy Breach
On May 24, 2019, Franciscan Health confirmed through an internal investigation that one employee in the quality research for Franciscan Health accessed protected health information (PHI) of approximately 2,200 patients without a business reason. The conduct was identified as part of Franciscan Health’s privacy audit process. At this time, there is no evidence that the…
Legislation Seeks to Regulate Privacy and Security of Wearables and Genetic Testing Kits
Lindsey Tonsager, Anna D. Kraus and Jayne Ponder of Covington & Burling write: Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health…
Dominion National investigates and notifies after discovering unauthorized access to servers that began as early as 2010
ARLINGTON, Va., June 21, 2019 /PRNewswire/ — Today, Dominion National, an insurer and administrator of dental and vision benefits, announced that it is addressing a data security incident involving some personal information that Dominion National maintains in connection with the services it provides. On April 24, 2019, through Dominion National’s investigation of an internal alert and…