Max Londberg reports: The personal information corresponding to more than 2,000 TriHealth patients was shared with a student mentee who was not authorized to view the data. The medical system announced the discovery Friday afternoon in a press release. Shared data included patients’ first and last names, ZIP codes, ethnicity, dates of birth and cancer…
Category: U.S.
First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records
Brian Krebs reports: The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security…
District Court Finds no CFAA Violation where Employee Shares Confidential Company Information with Competitor
Jason C. Gavejian and Maya Atrakchi of JacksonLewis write: A district court in Tennessee recently concluded in Wachter Inc. v. Cabling Innovations LLC that two former employees who allegedly shared confidential company information found on the company’s computer system with a competitor did not violate the Computer Fraud and Abuse Act (CFAA). The CFAA expressly…
Shubert Organization Suffers Data Breach
Marc Hershberg reports: Someone snuck into the Shubert Organization. According to a letter mailed to certain customers, Shubert executives came across some suspicious activity on an employee’s email account last February, and teamed up with some forensic experts to investigate what was happening. The probe found that someone had gained access to several employee’s email…
Medical Informatics Engineering Agrees to Pay $100,000 and to Implement Corrective Action Plan to Settle 2015 HIPAA Breach
From HHS, an update on the Medical Informatics Engineering breach of 2015 that resulted in a multi-state lawsuit (the first of its kind) in December, 2018: Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, and has agreed take corrective…
Georgia Supreme Court Clarifies There Is No Duty to Safeguard Personal Information from a Data Breach
Gavin Reinke of Alston & Bird writes: The Georgia Supreme Court recently issued a decision holding that there is no duty to safeguard personal information from a data breach under Georgia law. Georgia Department of Labor v. McConnell involved the accidental disclosure of a spreadsheet that contained the name, social security number, home telephone number,…