As posted on their site yesterday: Please see our blog post from May 9, 2016 announcing a security incident at https://community.uservoice.com/blog/uservoice-security-incident-notification/ What Happened? In late April, the UserVoice security team learned that an unauthorized party illegally accessed one of UserVoice’s backend reporting systems and was able to view user data on a small subset of users….
Personal information displayed to others on NY’s health exchange website
Kimberly Howard reports: The New York State Department of Health is responding to an issue with the state’s health exchange website that allowed users to see the private information of other people. One user, who did not want to speak on camera, sent CBS6 a screen grab of what he says he saw when he…
Breach mitigation services raise other concerns
A number of commenters on this blog have raised concerns about giving their identity information to a firm that has been contracted to provide identity theft protection in the wake of a breach. The recurring theme is, “Why should I trust yet more people with my SSN?” And for how long will that firm retain…
Ontario health privacy breach notification bill passes third reading
Canadian Underwriter notes: An Ontario government bill proposing to increase fines, to $500,000, for health privacy violations recently passed third reading at Queen’s Park in Toronto. Bill 119 proposes some changes to Ontario’s Personal Health Information Protection Act (PHIPA). Read more on Canadian Underwriters.
Children’s National Medical Center blames former transcription vendor for privacy breach
In March, 2015, the D.C.-based Children’s National Medical Center notified 18,000 patients of a breach that occurred between July 26, 2014 and December 26, 2014 after employees fell for phishing emails. In May, 2015, they were sued over that breach. Now, CNMC has disclosed another breach, this one involving a former vendor who provided medical transcription services. Their press…
Ca: Law firm considers launching class action suit against Algonquin College over privacy breach
In June, 2015, Algonquin College in Ottawa disclosed that 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs had their personal information on a server that had been accessed. The server compromise occurred in December, 2014, but the college was initially unable to determine exactly what happened. Now a Toronto law…