When they discovered more than 42,000 patient records and millions of patient clinical notes exposed on a misconfigured rsync backup, researchers at UpGuard responsibly set out to notify the entity to secure their data. It turned out to be a Herculean task that would take almost two months and multiple entities to get the job…
Category: U.S.
License, ID data lost in crash: System failure affects 66,500 Hawaii residents
Max Dible reports: Marquis ID Systems, which issues state driver’s licenses and ID cards, reported Thursday that a system crash in September resulted in the loss of scans of sensitive personal documents that might prove irretrievable. The “multiple hard disk crash,” as Marquis described it, coincided with a failure of the company’s backup system and…
Oregon tax agency employee copied personal data of 36,000 people
Hillary Borrud reports: An employee at Oregon’s tax collection agency copied the data of 36,000 people, including social security numbers, and stored the files to a personal account, the state announced on Friday. The Department of Revenue detected the breach on Feb. 23 and moved quickly to remove the files from the employee’s cloud account,…
SAMBA Federal Employee Benefit Association programming error resulted in mismailed information
From their press release: SAMBA Federal Employee Benefit Association (“SAMBA”) recently learned of an incident that may affect information related to eligible family members of subscribers (“family members”) covered by the SAMBA Federal Employees Health Benefits Plan in 2017. “We take this incident, and member privacy, very seriously,” Walter E. Wilson, SAMBA’s Executive Director stated….
360,000 current and former Pennsylvania teachers notified of breach
So that breach in February affecting Pennsylvania teachers affected approximately 360,000 current and former teachers. A 30-minute exposure leads to so much cost and anxiety. Ouch.
Southeast Clinical Pathology Laboratories Notifies Patients of Stolen Laptop
From the notice on their web site: March 21, 2018 – Clinical Pathology Laboratories Southeast, Inc. (“CPLSE”) has become aware of a data security incident that may have involved the personal and protected health information of its patients and their payment guarantors. On September 20, 2017, a laptop issued to a CPLSE employee was stolen….