EqualizeRCM Services is a vendor providing billing and collection services to healthcare providers. In compliance with HIPAA, it has Business Associate contracts with its clients, who provide it with the information needed to fulfill its functions. The firm has headquarters in Austin, Texas, and offices in Houston and Washington, D.C. On February 29, EqualizeRCM learned that a…
Category: U.S.
Was an Alpha Payroll Services employee cruelly fired?
Over on Salted Hash, Steve Ragan commented on the Alpha Payroll Services phishing incident, first reported on Daily Dot. The premise of his article appears to be that the employee who was fired was a victim, too. Steve writes, in part: The employee, victimized by the same person who later victimized Alpha Payroll clients, was fired because…
Stanford University continues to investigate breach involving employee W-2 data
There’s been an update to a previously noted breach report out of Stanford University. On April 12, I had reported that compromise of employees’ W-2 data had been linked to the university’s service vendor, W-2 Express, a service of Equifax. The breach did not appear to involve a breach of W-2 Express’s system or of Stanford University’s network. Rather,…
Payroll vendor employee falls for phishing scam, all clients’ W-2 data involved
It is bad enough when an employee falls for a phishing scheme that exposes fellow employees’ W-2 information. It is downright painful when an employee of a payroll services vendor falls for a scam and emails every clients’ W-2 data to criminals. Sadly, that is what happened to Alpha Payroll Services LLC. Read my story on Daily Dot.
PA Court Rejects Healthcare Data Breach Class Action Lawsuit
Elizabeth Snell reports an update to a 2010 breach previously covered on this site: The Pennsylvania Superior Court recently dismissed claims in a healthcare data breach class action lawsuit, explaining that the trial court needs to review the plaintiff’s claim under the Uniform Trade Practices and Consumer Protection Law (UTPCPL). In the case Baum v. Keystone Mercy Health…
How the Pwnedlist Got Pwned
Brian Krebs reports: Last week, I learned about a vulnerability that exposed all 866 million account credentials harvested by pwnedlist.com, a service designed to help companies track public password breaches that may create security problems for their users. The vulnerability has since been fixed, but this simple security flaw may have inadvertently exacerbated countless breaches by preserving the data lost in them…