James T. Mulder reports: An Upstate University Hospital employee inappropriately accessed the medical records of 1,216 patients without a work or job-related reason. Upstate announced it is contacting affected patients and the U.S. Department of Health and Human Services about the privacy breach. The former employee accessed the records between Nov. 3, 2016 and Oct….
PA: May Eye Care notified 30,000 patients after ransomware incident
Ransomware continues to pose a major threat to covered entities, and not surprisingly, an incident reported to HHS in October by a Hanover, Pennsylvania eye care center turned out to be yet another ransomware incident. The practice kindly sent me a copy of the notification letter they sent to 30,000 patients: Dear Sir or Madam,…
Security breach at Nordstrom involving contract worker breached employee data
Benjamin Romano reports: Seattle-based retailer Nordstrom is notifying employees of an information-security breach that exposed their names, Social Security numbers, dates of birth, checking account and routing numbers, salaries and more. Employees across the company received an e-mail notification and apology from co-President Blake Nordstrom on Wednesday informing them of the breach, a company spokesperson…
Ca: Department Failed To Follow Directive Following Privacy Breach: Molloy
Oh …. (insert your preferred three-letter acronym). VOCM reports from St. John’s, NL: The privacy commissioner has found a government department not only committed a privacy breach, but that it failed to follow a subsequent directive from the commissioner. Donovan Molloy says the Department of Transportation and Works relocated a number of paper records to…
NZ: Bank staff exposed for using private information to stalk
Rob Stock reports: “Employee browsing” is a term for when bank staff access customers’ private information for their own uses. And Privacy Commissioner John Edwards says banks aren’t doing enough to prevent it. Following the publication on Monday of a review of bank conduct by the Financial Markets Authority and Reserve Bank of New Zealand, Edwards said banks must…
‘DerpTroll’ Faces 10 Years in Prison for DDoSing Gaming Sites as a Teen
Tara Seals reports: After a short but disruptive career knocking popular online gaming sites offline for sport, Austin Thompson, a.k.a. “DerpTroll,” has pleaded guilty to hacking charges. He faces a maximum penalty of 10 years in prison and a $250,000 fine. Thompson, a 23-year-old Utah resident, made his plea on Tuesday in federal court in San…