Kyla Asbury reports on another small-n breach case that reportedly had huge consequences for the victim: A Wayne County woman is suing St. Mary’s Medical Center after she claims it allowed people to access her private health information that should not have had access. St. Mary’s Medical Management LLC; Cabell-Huntington Hospital Inc.; Rebecca Winters, formerly…
TaxAct Acknowledges Data Breach
Jeff Goldman reports: The tax preparation solutions provider TaxAct recently began notifying an undisclosed number of customers that their personal information may have been inappropriately accessed. “We have concluded that an unauthorized third party accessed your TaxAct account between November 10 and December 4, 2015,” the company stated in a letter [PDF] sent on January 11, 2016 to those…
AU: Canberra psychology clinic accidentally reveals clients’ personal details in email
Megan Gorrey reports that an email gaffe by psychology clinic exposed more than 200 patients’ email addresses to each other. Northside Psychology, which has offices in Hawker, Gungahlin and Erindale, admitted a “serious administrative error” meant the email addresses of all recipients were included in a message about a mindfulness seminar sent to more than 200 people on Tuesday. […] “The list…
Improper redaction exposed Virginia employees’ personal info
Earlier this week, Jigsaw Security noted that they had discovered that improper redaction of documents posted on the Virginia Dept of Human Resource Management website was potentially exposing employees’ personal information: A PDF posted by this organization contained information that was obfuscated by blocks but was a layered image so if you edit the document the…
Disciplinary action withdrawn against two dozen nurses accused in privacy breach
James Wood reports: Disciplinary measures have been dropped against dozens of Alberta Health Services employees in the case of a massive alleged privacy breach in Calgary, although some workers still face sanctions. In October, AHS announced 48 employees working out of South Health Campus faced disciplinary action, with at least one being fired, for improperly accessing a patient’s information….
Disclosure of patient’s mental health status and treatment results in strong response by Serbia’s Commissioner of Information of Public Importance and Personal Data Protection
Marko Popovic and Bogdan Ivaniševic of BDK Advokati write: In December 2015, a journalist disclosed one patient’s health data in a TV show. The data were related to the patient’s mental health and his treatment in the mental health clinic “Dr Laza Lazarevic”, in Belgrade. The Serbian Commissioner for Information of Public Importance and Personal Data Protection (“Commissioner”)…